Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ba10f958479c0e4aa38645d04f2941fd777b11bb
https://github.com/WebKit/WebKit/commit/ba10f958479c0e4aa38645d04f2941fd777b11bb
Author: David Kilzer <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M Tools/WebKitTestRunner/TestController.cpp
Log Message:
-----------
REGRESSION(300777@main): [iOS] Use after free in
WTR::TestController::didReceiveScriptMessage()
<https://bugs.webkit.org/show_bug.cgi?id=305291>
<rdar://167941831>
Reviewed by Darin Adler and Geoffrey Garen.
The code was storing the result of `utf8().data()` in a local variable
and using it later on. This was a use-after-free since the pointer
returned by `data()` pointed to memory owned by the temporary CString
returned by `utf8()`.
* Tools/WebKitTestRunner/TestController.cpp:
Canonical link: https://commits.webkit.org/305430@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
