Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3bce213c8ad6432cddd6b2768c54da61c1d76dc6
https://github.com/WebKit/WebKit/commit/3bce213c8ad6432cddd6b2768c54da61c1d76dc6
Author: David Kilzer <[email protected]>
Date: 2026-05-20 (Wed, 20 May 2026)
Changed paths:
M Source/WebCore/workers/service/server/SWServer.cpp
Log Message:
-----------
SWServer::topLevelServiceWorkerClientFromPageIdentifier() crashes when maps are out-of-sync
<https://bugs.webkit.org/show_bug.cgi?id=308844>
<rdar://157943937>

Reviewed by Brent Fulgham.

A crash occurs in `topLevelServiceWorkerClientFromPageIdentifier()` when
the Service Worker maps `m_clientIdentifiersPerOrigin` and `m_clientsById`
become out-of-sync. The function iterates over client identifiers from
`m_clientIdentifiersPerOrigin` and calls `m_clientsById.find()` for each
one, but never checks whether the result equals `m_clientsById.end()`
before dereferencing it.

Add an end-iterator check in `topLevelServiceWorkerClientFromPageIdentifier()`
and use `continue` to skip missing clients (matching the pattern in
`clientIsAppInitiatedForRegistrableDomain()`).

Also replace the ASSERT-only guard in `serviceWorkerClientWithOriginByID()`
with a proper end-iterator check that returns `std::nullopt` in release
builds.

No test since this is a race condition with no known steps to reproduce.

* Source/WebCore/workers/service/server/SWServer.cpp:
(WebCore::SWServer::serviceWorkerClientWithOriginByID):
- Replace ASSERT-only check with end-iterator check returning
  std::nullopt.
(WebCore::SWServer::topLevelServiceWorkerClientFromPageIdentifier):
- Add end-iterator check with ASSERT_NOT_REACHED() to continue in order
  to skip missing clients.

Originally-landed-as: 305413.383@rapid/safari-7624.2.5.110-branch
(91ab7f0ce691). rdar://176067466
Canonical link: https://commits.webkit.org/313635@main
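
The lookup pattern the log message describes, as an added example that is not WebKit's code and not part of the commit: a simplified model of two maps that can drift apart, with the end-iterator check applied in both lookups. `Client`, `Registry`, `clientByID`, `topLevelClientForPage` and `makeOutOfSyncRegistry` are hypothetical names, and the sample state is constructed.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <unordered_map>
#include <vector>

// Simplified stand-ins for the Service Worker client bookkeeping (hypothetical types).
struct Client {
    uint64_t pageID;
    bool isTopLevel;
};

struct Registry {
    // The two maps are expected to stay in sync, but lookups must not rely on that.
    std::unordered_map<std::string, std::vector<uint64_t>> clientIdentifiersPerOrigin;
    std::unordered_map<uint64_t, Client> clientsById;

    // A missing entry yields std::nullopt in every build type, not only a debug assertion.
    std::optional<Client> clientByID(uint64_t id) const {
        auto it = clientsById.find(id);
        if (it == clientsById.end())
            return std::nullopt;
        return it->second;
    }

    // Walk the per-origin identifier list and resolve each identifier through clientsById.
    std::optional<Client> topLevelClientForPage(const std::string& origin, uint64_t pageID) const {
        auto ids = clientIdentifiersPerOrigin.find(origin);
        if (ids == clientIdentifiersPerOrigin.end())
            return std::nullopt;
        for (uint64_t id : ids->second) {
            auto it = clientsById.find(id);
            // Unchecked form: reading it->second here is undefined behaviour for a stale id.
            if (it == clientsById.end())
                continue; // Stale identifier: skip it and keep searching.
            if (it->second.isTopLevel && it->second.pageID == pageID)
                return it->second;
        }
        return std::nullopt;
    }
};

// Constructed sample state: identifier 1 is listed for the origin but absent from clientsById.
Registry makeOutOfSyncRegistry() {
    Registry r;
    r.clientIdentifiersPerOrigin["https://example.test"] = { 1, 2, 3 };
    r.clientsById[2] = Client { 7, false };
    r.clientsById[3] = Client { 7, true };
    return r;
}
```
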