Branch: refs/heads/webkitglib/2.48
Home: https://github.com/WebKit/WebKit
Commit: e905b0d4d53cd5a7b191ca8aa1167c9fc713cc03
https://github.com/WebKit/WebKit/commit/e905b0d4d53cd5a7b191ca8aa1167c9fc713cc03
Author: Pratiksha Choudhury <[email protected]>
Date: 2025-03-13 (Thu, 13 Mar 2025)
Changed paths:
A LayoutTests/mathml/mathml-invalid-frame-crash-expected.txt
A LayoutTests/mathml/mathml-invalid-frame-crash.html
M Source/WebCore/mathml/MathMLElement.cpp
Log Message:
-----------
Cherry-pick 291060@main (5a55a82ed227).
https://bugs.webkit.org/show_bug.cgi?id=288296
Nullptr crash in WebCore::MathMLElement::isKeyboardFocusable
https://bugs.webkit.org/show_bug.cgi?id=288296
rdar://144405709
Reviewed by Anne van Kesteren and Ryosuke Niwa.
Added a nullptr check for the LocalFrame before focused keyboard events.
* LayoutTests/mathml/mathml-invalid-frame-crash-expected.txt: Added.
* LayoutTests/mathml/mathml-invalid-frame-crash.html: Added.
* Source/WebCore/mathml/MathMLElement.cpp:
(WebCore::MathMLElement::isKeyboardFocusable const):
Canonical link: https://commits.webkit.org/291060@main
Canonical link: https://commits.webkit.org/290945.61@webkitglib/2.48
Commit: 52fabadd703b8f67254a6018c5e24eddc02aefd6
https://github.com/WebKit/WebKit/commit/52fabadd703b8f67254a6018c5e24eddc02aefd6
Author: Jer Noble <[email protected]>
Date: 2025-03-13 (Thu, 13 Mar 2025)
Changed paths:
M Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.cpp
M Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.h
Log Message:
-----------
Cherry-pick 291062@main (bab44461e2fb).
https://bugs.webkit.org/show_bug.cgi?id=288498
CRASH in CDMInstanceSessionClearKey::requestLicense()
rdar://145358917
https://bugs.webkit.org/show_bug.cgi?id=288498
Reviewed by Eric Carlson.
`cdmInstanceProxy()` will return a WeakPtr, and since both that class
and CDMInstanceSessionClearKey are reference-counted, their lifetimes
can become decoupled. It is therefore unsafe to dereference that `WeakPtr`
without a null-check. Separately, CDMInstanceClearKey is type specialized
and should be using dynamicDowncast rather than a statci_cast.
* Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.cpp:
(WebCore::CDMInstanceSessionClearKey::updateLicense):
(WebCore::CDMInstanceSessionClearKey::protectedParentInstance const):
(WebCore::CDMInstanceSessionClearKey::parentInstance const): Deleted.
* Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.h:
Canonical link: https://commits.webkit.org/291062@main
Canonical link: https://commits.webkit.org/290945.62@webkitglib/2.48
Compare: https://github.com/WebKit/WebKit/compare/39cd9255bd41...52fabadd703b
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
