Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 846badc3c41ca797dd2d5980061ad32c157638f5
      
https://github.com/WebKit/WebKit/commit/846badc3c41ca797dd2d5980061ad32c157638f5
  Author: Youenn Fablet <[email protected]>
  Date:   2026-06-03 (Wed, 03 Jun 2026)

  Changed paths:
    A LayoutTests/streams/pipeTo-in-worker-terminate-crash-expected.txt
    A LayoutTests/streams/pipeTo-in-worker-terminate-crash.html
    M Source/WebCore/Modules/streams/ReadableStreamDefaultReader.cpp
    M Source/WebCore/Modules/streams/StreamPipeToUtilities.cpp
    M Source/WebCore/bindings/js/InternalWritableStreamWriter.cpp

  Log Message:
  -----------
  Add missing null checks when calling internal stream functions
rdar://178381545
https://bugs.webkit.org/show_bug.cgi?id=316085

Reviewed by Ryosuke Niwa.

InternalReadableStreamDefaultReader::readForBindings and
InternalWritableStream::abort return an empty JSC::JSValue when the underlying
JS call throws (e.g. on a termination exception when a Worker is terminated
mid-flight).
The callers were then passing the empty JSValue to downcast<JSC::JSPromise>(),
which RELEASE_ASSERTs on !value.isCell() and crashes.
We bail out when the returned JSValue is empty.

* LayoutTests/streams/pipeTo-in-worker-terminate-crash-expected.txt: Added.
* LayoutTests/streams/pipeTo-in-worker-terminate-crash.html: Added.
* Source/WebCore/Modules/streams/ReadableStreamDefaultReader.cpp:
(WebCore::ReadableStreamDefaultReader::read):
* Source/WebCore/Modules/streams/StreamPipeToUtilities.cpp:
(WebCore::StreamPipeToState::handleSignal):
(WebCore::StreamPipeToState::errorsMustBePropagatedForward):

Canonical link: https://commits.webkit.org/314435@main
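
The pattern described in the log message, as an added example that is not WebKit's code and not part of the commit. `Value`, `Promise`, `checkedDowncast`, `internalRead`, `readUnchecked` and `readChecked` are hypothetical stand-ins, and the release assertion is modelled as a thrown exception so the example runs to completion.

```cpp
#include <cstdio>
#include <stdexcept>

// Hypothetical stand-ins for illustration; these are not WebKit classes.
struct Promise { bool pending = true; };

// Models JSC::JSValue: a default-constructed Value is "empty".
struct Value {
    Value() = default;
    explicit Value(Promise* p) : cell(p) {}
    bool isEmpty() const { return !cell; }
    bool isCell() const { return cell != nullptr; }
    Promise* cell = nullptr;
};

// Models a checked downcast. The real check is a RELEASE_ASSERT that aborts
// the process; a throw is used here (assumption) to keep the example runnable.
Promise& checkedDowncast(const Value& v) {
    if (!v.isCell())
        throw std::logic_error("RELEASE_ASSERT(value.isCell()) failed");
    return *v.cell;
}

// Models an internal stream call that returns an empty Value when the
// underlying JS call throws, for instance while the worker is terminating.
Value internalRead(bool workerTerminating, Promise& storage) {
    return workerTerminating ? Value() : Value(&storage);
}

enum class Outcome { PromiseUsed, BailedOut, AssertHit };

// Before: the returned value goes straight into the checked downcast.
Outcome readUnchecked(bool workerTerminating) {
    Promise storage;
    try {
        checkedDowncast(internalRead(workerTerminating, storage)).pending = false;
        return Outcome::PromiseUsed;
    } catch (const std::logic_error&) {
        return Outcome::AssertHit;
    }
}

// After: bail out when the returned value is empty, then downcast.
Outcome readChecked(bool workerTerminating) {
    Promise storage;
    Value result = internalRead(workerTerminating, storage);
    if (result.isEmpty())
        return Outcome::BailedOut;
    checkedDowncast(result).pending = false;
    return Outcome::PromiseUsed;
}

int main() {
    std::printf("unchecked, terminating: %d\n", static_cast<int>(readUnchecked(true)));
    std::printf("checked, terminating: %d\n", static_cast<int>(readChecked(true)));
}
```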


