Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 85fd2302d16a09a82d9a6e81eb286babb23c4b3c
https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c
Author: Antoine Quint <[email protected]>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Potential use-after-free in WebAnimation::commitStyles
https://bugs.webkit.org/show_bug.cgi?id=254840
rdar://107444873
Reviewed by Dean Jackson and Darin Adler.
Ensure that the animation's effect and target are kept alive for the duration
of this method
since it is possible that calling updateStyleIfNeeded() could call into
JavaScript and thus
these two pointers could be changed to a null value using the Web Animations
API.
* Source/WebCore/animation/WebAnimation.cpp:
(WebCore::WebAnimation::commitStyles):
Originally-landed-as: 259548.532@safari-7615-branch (1d6fe184ea53).
rdar://107444873
Canonical link: https://commits.webkit.org/264363@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
