Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c864982865723cc8d60512d9d99a6ff9c6adab6d
      
https://github.com/WebKit/WebKit/commit/c864982865723cc8d60512d9d99a6ff9c6adab6d
  Author: Youenn Fablet <[email protected]>
  Date:   2025-06-05 (Thu, 05 Jun 2025)

  Changed paths:
    A LayoutTests/fast/mediastream/canvas-capture-stream-crash-expected.txt
    A LayoutTests/fast/mediastream/canvas-capture-stream-crash.html
    M Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp

  Log Message:
  -----------
  heap-use-after-free | WebCore::CanvasBase::setImageBuffer; 
WebCore::HTMLCanvasElement::createImageBuffer; WebCore::CanvasBase::buffer
rdar://146074410

Reviewed by Andy Estes.

We need to protect the canvas element since GC can now happen for the canvas 
element as part of CanvasBase::setImageBuffer.

* LayoutTests/fast/mediastream/canvas-capture-stream-crash-expected.txt: Added.
* LayoutTests/fast/mediastream/canvas-capture-stream-crash.html: Added.
* Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
(WebCore::CanvasCaptureMediaStreamTrack::Source::captureCanvas):

Originally-landed-as: 289651.303@safari-7621-branch (5aa4b01c6cd9). 
rdar://151708887
Canonical link: https://commits.webkit.org/295888@main



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
