Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d7832a4e54aded809a7ea2d90b9d014d882e0e71
https://github.com/WebKit/WebKit/commit/d7832a4e54aded809a7ea2d90b9d014d882e0e71
Author: Chris Dumez <[email protected]>
Date: 2023-07-07 (Fri, 07 Jul 2023)
Changed paths:
M Source/WebCore/platform/network/BlobResourceHandle.cpp
M Source/WebCore/platform/network/BlobResourceHandle.h
M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp
M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h
Log Message:
-----------
Potential crash under NetworkDataTaskBlob::dispatchDidReceiveResponse()
https://bugs.webkit.org/show_bug.cgi?id=258951
rdar://111798349
Reviewed by Youenn Fablet.
In getSizeForNext(), we call seek() and then dispatchDidReceiveResponse().
After 261968@main, seek() could call fail internally and call didFail().
However, we could still call dispatchDidReceiveResponse() right after in
case of failure.
We now propagate the error state out of seek() and have the caller call
didFail() and then early return instead of calling dispatchDidReceiveResponse().
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp:
(WebKit::NetworkDataTaskBlob::getSizeForNext):
(WebKit::NetworkDataTaskBlob::seek):
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h:
Canonical link: https://commits.webkit.org/265848@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
