Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 30a90c6902be74c95de7f535a10b16fd0fb9f34d
https://github.com/WebKit/WebKit/commit/30a90c6902be74c95de7f535a10b16fd0fb9f34d
Author: Abrar Rahman Protyasha <[email protected]>
Date: 2025-07-14 (Mon, 14 Jul 2025)
Changed paths:
M Source/WebCore/page/EventHandler.cpp
Log Message:
-----------
WeakPtr<Page> null dereference crash under
EventHandler::handleMouseReleaseEvent
https://bugs.webkit.org/show_bug.cgi?id=295900
rdar://154193932
Reviewed by Wenson Hsieh.
Recently, we have observed some null dereference crashes under
EventHandler::handleMouseReleaseEvent(), all of the nature:
```
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes: 0x0000000000000001, 0x0000000000000008
WebCore::Page::WeakValueType* WTF::WeakPtrImplBase<WTF::DefaultWeakPtrImpl>::get<WebCore::Page>()
WTF::WeakPtr<WebCore::Page, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl>>::get() const
WebCore::Frame::protectedPage() const
WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&)
```
... which indicates that `WeakPtr<Page>` in `EventHandler::m_frame`
is holding on to a nullptr. Instead of unconditionally accessing this
object, this patch makes the codepath less crash prone by introducing a
null check.
No new tests because I was not able to create a reproduction for the
crash yet.
* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseReleaseEvent):
Canonical link: https://commits.webkit.org/297345@main
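
The null-check pattern the log message describes, as an added example that is not WebKit code and not part of this commit. `std::weak_ptr` stands in for WTF's `WeakPtr`, and the `Page`, `Frame` and `handleMouseRelease` definitions are hypothetical models of the real classes.

```cpp
#include <memory>

// Hypothetical stand-ins; not WebKit's Page, Frame or EventHandler.
struct Page {
    int mouseReleases = 0;
    void didReleaseMouse() { ++mouseReleases; }
};

class Frame {
public:
    explicit Frame(const std::shared_ptr<Page>& page) : m_page(page) { }
    // Promotes the weak reference to a strong one, or returns null if the
    // Page has already been destroyed.
    std::shared_ptr<Page> protectedPage() const { return m_page.lock(); }
private:
    std::weak_ptr<Page> m_page;
};

enum class Handled { No, Yes };

// Checked handler: tests the promoted pointer before any member access.
Handled handleMouseRelease(const Frame& frame)
{
    auto page = frame.protectedPage();
    if (!page)
        return Handled::No;   // Page is gone: drop the event, do not dereference
    page->didReleaseMouse();  // strong reference keeps Page alive for this call
    return Handled::Yes;
}

// Constructed scenario: one release while the Page is alive, one after it has
// been destroyed. Returns how many events were actually handled.
int runScenario()
{
    auto page = std::make_shared<Page>();
    Frame frame(page);
    int handled = 0;
    handled += handleMouseRelease(frame) == Handled::Yes;
    page.reset();  // Page destroyed; the frame's weak reference now yields null
    handled += handleMouseRelease(frame) == Handled::Yes;
    return handled;
}

int main() { return runScenario() == 1 ? 0 : 1; }
```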