Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 83847541408d0aa216e3537317bef1bbcb9444bc
      
https://github.com/WebKit/WebKit/commit/83847541408d0aa216e3537317bef1bbcb9444bc
  Author: Anthony Tarbinian <[email protected]>
  Date:   2026-05-05 (Tue, 05 May 2026)

  Changed paths:
    M Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
    M Source/WebCore/loader/CrossOriginPreflightChecker.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.h

  Log Message:
  -----------
  [WebCore] Check for liveliness before dereferencing m_document WeakPtr in DocumentThreadableLoader
https://bugs.webkit.org/show_bug.cgi?id=301373
rdar://161561780

Reviewed by Ryosuke Niwa.

This patch adds liveliness checks for dereferencing a WeakPtr
in WebCore::DocumentThreadableLoader.
Previously the `m_document` `WeakPtr` was dereferenced by calling
the `document()` or `protectedDocument()` member functions.

Since it's possible for the `WeakPtr` `m_document` to be null, we
should add checks before dereferencing it to avoid hitting
a RELEASE_ASSERT in `WeakPtr`'s * operator. To ensure that
m_document is kept alive after performing the null check,
we convert it to a `RefPtr`.

* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
(WebCore::CrossOriginPreflightChecker::notifyFinished):
(WebCore::CrossOriginPreflightChecker::startPreflight):
(WebCore::CrossOriginPreflightChecker::doPreflight):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::cancel):
(WebCore::DocumentThreadableLoader::didReceiveResponse):
(WebCore::DocumentThreadableLoader::didFail):
(WebCore::DocumentThreadableLoader::preflightFailure):
(WebCore::DocumentThreadableLoader::loadRequest):
(WebCore::DocumentThreadableLoader::securityOrigin const):
(WebCore::DocumentThreadableLoader::contentSecurityPolicy const):
(WebCore::DocumentThreadableLoader::crossOriginEmbedderPolicy const):
(WebCore::DocumentThreadableLoader::logErrorAndFail):

Originally-landed-as: 301765.317@safari-7623-branch (f6b5d41d0e82). 
rdar://168335001
Canonical link: https://commits.webkit.org/312606@main
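
The check-then-promote pattern the log message describes, as an added example that is not WebKit code: `std::weak_ptr` and `std::shared_ptr` stand in for `WeakPtr` and `RefPtr`, and `Document`, `Loader`, `Result` and the client callback are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <string>
// Stand-ins (assumptions): std::weak_ptr for WTF::WeakPtr, std::shared_ptr for RefPtr.
struct Document {
    std::string origin;
    bool* destroyed; // set by the destructor so callers can observe lifetime
    Document(const std::string& o, bool* d) : origin(o), destroyed(d) {}
    ~Document() { *destroyed = true; }
};
enum class Result { DocumentGone, Completed };
class Loader { // hypothetical, not DocumentThreadableLoader
public:
    explicit Loader(std::weak_ptr<Document> document) : m_document(document) {}
    Result didReceiveResponse(const std::function<void()>& notifyClient, std::string& originSeen)
    {
        // lock() is the liveness check and the promotion to a strong ref in one step.
        std::shared_ptr<Document> document = m_document.lock();
        if (!document)
            return Result::DocumentGone; // early return, nothing is dereferenced
        notifyClient(); // may release the owner's last reference
        originSeen = document->origin; // safe: the local strong ref pins the object
        return Result::Completed;
    }
private:
    std::weak_ptr<Document> m_document;
};

// Constructed scenario: the client callback drops the owning reference mid-call.
bool survivesCallbackThenDies()
{
    bool destroyed = false, aliveInCallback = false;
    auto owner = std::make_shared<Document>("https://example.test", &destroyed);
    Loader loader(owner);
    std::string origin;
    Result r = loader.didReceiveResponse([&] { owner.reset(); aliveInCallback = !destroyed; }, origin);
    return r == Result::Completed && aliveInCallback && destroyed && origin == "https://example.test";
}

// Constructed scenario: the document is destroyed before the loader runs.
bool bailsOutWhenDocumentGone()
{
    bool destroyed = false, called = false;
    auto owner = std::make_shared<Document>("https://example.test", &destroyed);
    Loader loader(owner);
    owner.reset();
    std::string origin;
    return loader.didReceiveResponse([&] { called = true; }, origin) == Result::DocumentGone && !called;
}
```

A null check alone would not cover the first scenario; holding the strong reference for the rest of the function is what keeps the object alive across the callback.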


