Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0e6562216f49299cd139609ed898b873ba530980
https://github.com/WebKit/WebKit/commit/0e6562216f49299cd139609ed898b873ba530980
Author: Chris Dumez <[email protected]>
Date: 2026-06-03 (Wed, 03 Jun 2026)
Changed paths:
M Source/WebCore/platform/cocoa/SharedBufferCocoa.mm
Log Message:
-----------
Fix potential leak in FragmentedSharedBuffer::createCMBlockBuffer()
https://bugs.webkit.org/show_bug.cgi?id=316167
Reviewed by Jean-Yves Avenard.
The lambda in FragmentedSharedBuffer::createCMBlockBuffer() unconditionally
calls DataSegment::ref() before invoking CMBlockBufferCreateWithMemoryBlock(),
expecting the matching deref() to come from the FreeBlock callback once the
block buffer is destroyed. However, CMBlockBufferCreateWithMemoryBlock() does
not invoke the FreeBlock callback when it fails, so the early-return on error
leaked one strong reference on the DataSegment every time creation failed.
Balance the ref() with an explicit deref() on the failure path.
* Source/WebCore/platform/cocoa/SharedBufferCocoa.mm:
(WebCore::FragmentedSharedBuffer::createCMBlockBuffer const):
Canonical link: https://commits.webkit.org/314456@main
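
The ownership pattern the log message describes, as an added example that is not part of the WebKit commit. `Segment`, `createBlock`, `destroyBlock` and the two `wrap*` functions are hypothetical stand-ins; `createBlock` only models the stated behaviour (release callback not invoked on failure) and is not the CoreMedia API.

```cpp
// Hypothetical ref-counted buffer segment (stand-in, not WebKit's DataSegment).
struct Segment {
    int refCount = 1;                 // the creator's own reference
    void ref() { ++refCount; }
    void deref() { --refCount; }      // a real class would free itself at 0
};

// Hypothetical C-style API that takes a release callback, modelled on the
// behaviour the log message describes: the callback runs when the block
// is destroyed, and is NOT run when creation fails.
using FreeBlock = void (*)(void* refcon);
struct Block { void* refcon; FreeBlock freeBlock; };

int createBlock(void* refcon, FreeBlock cb, bool simulateFailure, Block** out) {
    *out = simulateFailure ? nullptr : new Block{refcon, cb};
    return simulateFailure ? -1 : 0;
}
void destroyBlock(Block* b) { b->freeBlock(b->refcon); delete b; }

static void releaseSegment(void* refcon) { static_cast<Segment*>(refcon)->deref(); }

// Before: the early return leaves the ref() unbalanced on failure.
Block* wrapLeaky(Segment& s, bool fail) {
    s.ref();
    Block* b = nullptr;
    if (createBlock(&s, releaseSegment, fail, &b) != 0)
        return nullptr;               // one reference leaked per failure
    return b;
}

// After: the failure path gives back the reference the callback never will.
Block* wrapBalanced(Segment& s, bool fail) {
    s.ref();
    Block* b = nullptr;
    if (createBlock(&s, releaseSegment, fail, &b) != 0) {
        s.deref();
        return nullptr;
    }
    return b;
}

// Reference count left on a fresh segment after n failed creations.
int refsAfterFailures(Block* (*wrap)(Segment&, bool), int n) {
    Segment s;
    for (int i = 0; i < n; ++i) wrap(s, true);
    return s.refCount;
}

int main() { return refsAfterFailures(wrapBalanced, 3) == 1 ? 0 : 1; }
```

In the leaky variant the count grows by one per failed call, so a segment that repeatedly fails to wrap can never reach zero and be freed.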