Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 795c0f6d648c62b60ce3b98f25414a420b155bb1
https://github.com/WebKit/WebKit/commit/795c0f6d648c62b60ce3b98f25414a420b155bb1
Author: Chris Dumez <[email protected]>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Source/WebCore/loader/SubresourceLoader.cpp
M Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
M Source/WebCore/loader/cache/CachedCSSStyleSheet.h
Log Message:
-----------
Crash under PAL::newTextCodec(PAL::TextEncoding const&)
https://bugs.webkit.org/show_bug.cgi?id=264979
rdar://118267012

Reviewed by Brent Fulgham.

There is evidence for crashes in the wild that the CachedCSSStyleSheet or
the TextResourceDecoder are being used after getting freed. To prevent this,
protect both these objects in the code path identified by the crashes.

This is a speculative fix but it should be very safe.

* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFinishLoading):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::finishLoading):
(WebCore::CachedCSSStyleSheet::protectedDecoder const):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.h:

Originally-landed-as: 267815.575@safari-7617-branch (4c3430842100).
rdar://119598663

Canonical link: https://commits.webkit.org/272391@main
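
The log message describes keeping a reference-counted object and its decoder alive across a code path that can release them. The sketch below is an added illustration of that protector pattern, not code from this commit or from WebKit: `Sheet`, `Decoder`, `onFinished` and `survivesCallback` are hypothetical names, and `std::shared_ptr` stands in for WebKit's own reference counting.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; these are not WebKit classes.
struct Decoder {
    std::string decode(const std::string& bytes) const { return bytes; }
};

struct Sheet : std::enable_shared_from_this<Sheet> {
    std::shared_ptr<Decoder> decoder = std::make_shared<Decoder>();
    std::function<void()> onFinished; // client callback; may release the sheet
    bool* aliveFlag = nullptr;        // lets the caller's frame observe destruction
    ~Sheet() { if (aliveFlag) *aliveFlag = false; }

    // Returns true if the sheet was still alive after the client callback ran.
    bool finishLoading(bool protect) {
        bool alive = true;
        aliveFlag = &alive;
        std::shared_ptr<Sheet> protectedThis;      // the "protector" references
        std::shared_ptr<Decoder> protectedDecoder;
        if (protect) {
            protectedThis = shared_from_this();
            protectedDecoder = decoder;
        }
        auto callback = onFinished; // copy so the callable outlives the sheet
        if (callback)
            callback();             // re-entrant: may drop the last external ref
        if (!alive)
            return false;           // any member access here would be a use-after-free
        aliveFlag = nullptr;
        (protectedDecoder ? protectedDecoder : decoder)->decode("body{}");
        return true;
    }
};

// Constructed scenario: the only owner releases the sheet from inside the callback.
bool survivesCallback(bool protect) {
    auto owner = std::make_shared<Sheet>();
    owner->onFinished = [&owner] { owner.reset(); };
    return owner.get()->finishLoading(protect);
}

int main() {
    std::printf("unprotected alive: %d\n", survivesCallback(false));
    std::printf("protected alive:   %d\n", survivesCallback(true));
}
```

Without the local references the object is destroyed while its own member function is still on the stack; with them, destruction is deferred until the function returns.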