Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4fbe97d9d0c4dc427ddcf7084b224ba3ee0ad6b8
https://github.com/WebKit/WebKit/commit/4fbe97d9d0c4dc427ddcf7084b224ba3ee0ad6b8
Author: Vassili Bykov <[email protected]>
Date: 2025-05-21 (Wed, 21 May 2025)
Changed paths:
M Source/WTF/wtf/cocoa/NSURLExtras.mm
Log Message:
-----------
NSData created by dataWithUserTypedString causes a crash when MALLOC_HEAP_BREAKDOWN is turned on
https://bugs.webkit.org/show_bug.cgi?id=293369
rdar://151776839
Reviewed by Mark Lam and Darin Adler.
The function was changed some 6 months ago to use a Vector<char> to allocate and populate the memory buffer, instead of a raw malloc and pointer operations. The buffer is then extracted from the vector and registered to be freed using FastMalloc::free(). This assumes that the buffer was initially allocated by FastMalloc. The assumption doesn't hold when MALLOC_HEAP_BREAKDOWN is on and vector buffers are allocated by VectorBufferMalloc. FastMalloc::free() in that case sees the pointer as misaligned and crashes. This happens on startup in both Safari and MiniBrowser.
The patch changes the deallocator logic to use VectorBufferMalloc::free(), which automatically uses the allocator appropriate for the current MALLOC_HEAP_BREAKDOWN setting.
Canonical link: https://commits.webkit.org/295226@main
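
The allocator/deallocator mismatch described in the log message, reduced to a stand-alone C++ sketch (an added example, not WebKit code). `TrackingMalloc`, `HEAP_BREAKDOWN`, `BufferMalloc`, `Adopted` and the helper functions are hypothetical stand-ins for FastMalloc, MALLOC_HEAP_BREAKDOWN, VectorBufferMalloc and the NSData deallocator registration; the toy heap reports a foreign pointer by ownership tracking rather than by the alignment check the message mentions.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>
#include <set>
#include <stdexcept>

// Toy heap (hypothetical) that remembers what it handed out, so a foreign
// free is reported as an exception instead of corrupting memory.
template<int Tag> struct TrackingMalloc {
    static std::set<void*>& live() { static std::set<void*> owned; return owned; }
    static void* allocate(std::size_t n) {
        void* p = std::malloc(n);
        if (!p) throw std::bad_alloc();
        live().insert(p); return p;
    }
    static void deallocate(void* p) {
        if (!live().erase(p)) throw std::logic_error("pointer not owned by this heap");
        std::free(p);
    }
};
using FastLike = TrackingMalloc<0>;       // stand-in for the default heap
using BreakdownLike = TrackingMalloc<1>;  // stand-in for the per-type debug heap
#ifndef HEAP_BREAKDOWN
#define HEAP_BREAKDOWN 1                  // hypothetical build flag, on by default here
#endif
#if HEAP_BREAKDOWN
using BufferMalloc = BreakdownLike;       // the buffer's heap follows the build flag
#else
using BufferMalloc = FastLike;
#endif
using Deallocator = void (*)(void*);
struct Adopted { void* bytes; std::size_t size; Deallocator release; };

// Copy a string into a BufferMalloc buffer and hand it off with a deallocator.
Adopted adopt(const char* s, Deallocator release) {
    std::size_t n = std::strlen(s);
    void* p = BufferMalloc::allocate(n + 1);
    std::memcpy(p, s, n + 1);
    return { p, n, release };
}
Adopted hardcoded(const char* s) { return adopt(s, &FastLike::deallocate); }   // before the fix
Adopted paired(const char* s) { return adopt(s, &BufferMalloc::deallocate); }  // after the fix

// True if the registered deallocator accepts the buffer; otherwise free it correctly.
bool releaseSucceeds(Adopted a) {
    try { a.release(a.bytes); return true; }
    catch (const std::logic_error&) { BufferMalloc::deallocate(a.bytes); return false; }
}
```

Building with `-DHEAP_BREAKDOWN=0` makes both heaps the same type, which is why the hardcoded deallocator went unnoticed in default builds.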