Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bbae082ce145c1e0c81fd164bbed75d93d971cb3
https://github.com/WebKit/WebKit/commit/bbae082ce145c1e0c81fd164bbed75d93d971cb3
Author: Wenson Hsieh <[email protected]>
Date: 2023-04-18 (Tue, 18 Apr 2023)
Changed paths:
M Source/WebCore/page/ContextMenuContext.h
M Source/WebKit/Shared/ContextMenuContextData.h
M Source/WebKit/UIProcess/API/APIContextMenuElementInfoMac.h
Log Message:
-----------
REGRESSION (261793@main): [Mail] Clicking markup button causes image/attachment to go blank/disappear
https://bugs.webkit.org/show_bug.cgi?id=255627
rdar://107635311
Reviewed by Aditya Keerthi.
After the changes in 261793@main, `WebKit::ContextMenuContextData` no longer decodes properly in the
UI process, when created via service controls codepaths (i.e. when clicking the services rollover
button over an attachment in Mail). This is because one of the new members, `m_hasEntireImage`, is
uninitialized to either `true` or `false` and ends up triggering undefined behavior; in turn, code
in the UI process expects either a value of exactly 0 or 1 when decoding `bool` types, so we
subsequently fail to decode and `MESSAGE_CHECK` the Mail web content process.
Fix this by simply initializing `m_hasEntireImage` (I've also added a few more initial values to
harden against similar bugs in the future).
Covered by the existing API test: ImageAnalysisTests.RemoveBackgroundItemInServicesMenu, which began
timing out after 261793@main. Also, credit to Aditya for being the first to spot that
`m_hasEntireImage` is uninitialized.
* Source/WebCore/page/ContextMenuContext.h:
* Source/WebKit/Shared/ContextMenuContextData.h:
* Source/WebKit/UIProcess/API/APIContextMenuElementInfoMac.h:
Canonical link: https://commits.webkit.org/263109@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
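
The failure mode the log message describes, as an added example that is not WebKit's code: a receiver that accepts only 0 or 1 for a `bool` rejects a message whose sender serialized indeterminate storage, while default member initializers keep the sender's bytes valid. The struct, the one-byte-per-`bool` wire layout, the function names and the 0xCC sample byte are assumptions made for illustration; only `hasEntireImage` mirrors a name from the commit.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Hypothetical stand-in for the IPC payload (not the real ContextMenuContextData).
struct MenuContext {
    bool hasEntireImage { false }; // default member initializer: storage is always a valid bool
    bool isServicesMenu { false }; // hypothetical second field
};

using Wire = std::vector<uint8_t>;

// Sender side (assumed layout): one byte per bool.
Wire encode(const MenuContext& c)
{
    return { static_cast<uint8_t>(c.hasEntireImage), static_cast<uint8_t>(c.isServicesMenu) };
}

// Receiver side: a bool must be exactly 0 or 1; anything else is a malformed message.
std::optional<bool> decodeBool(const Wire& w, size_t& pos)
{
    if (pos >= w.size())
        return std::nullopt;
    uint8_t byte = w[pos++];
    if (byte > 1)
        return std::nullopt;
    return byte == 1;
}

std::optional<MenuContext> decode(const Wire& w)
{
    size_t pos = 0;
    auto hasEntireImage = decodeBool(w, pos);
    auto isServicesMenu = decodeBool(w, pos);
    if (!hasEntireImage || !isServicesMenu || pos != w.size())
        return std::nullopt;
    MenuContext c;
    c.hasEntireImage = *hasEntireImage;
    c.isServicesMenu = *isServicesMenu;
    return c;
}

// Constructed sample: a byte that uninitialized bool storage could hold (0xCC chosen arbitrarily).
Wire garbageWire() { return { 0xCC, 0x00 }; }

// A failed decode means the receiver treats the sending process as misbehaving.
bool receiverAcceptsMessage(const Wire& w) { return decode(w).has_value(); }
```

The garbage byte is built directly instead of reading an uninitialized member, since that read is itself undefined behavior and has no dependable result to demonstrate.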