Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: abe6e8251b31e2ee9af8040938d6cc532f296df8
      
https://github.com/WebKit/WebKit/commit/abe6e8251b31e2ee9af8040938d6cc532f296df8
  Author: Timothy Hatcher <[email protected]>
  Date:   2026-07-01 (Wed, 01 Jul 2026)

  Changed paths:
    M Source/WebKit/Shared/Extensions/WebExtensionRegisteredScriptsSQLiteStore.cpp
    M Source/WebKit/UIProcess/Extensions/WebExtensionDeclarativeNetRequestSQLiteStore.cpp

  Log Message:
  -----------
  Cherry-pick ef8d2c8530b9. rdar://175672652

    Web Extensions: dispatch completionHandler to main thread on weak-null paths in SQLiteStore subclasses.
    https://webkit.org/b/313468
    rdar://175672652

    Reviewed by Brian Weinstein.

    Dispatch completionHandler to the main thread when the weak-null early-return path is taken in WebExtensionSQLiteStore
    subclasses. The !protectedThis paths were invoking completionHandler directly on the background WorkQueue, while callers
    assume main-thread execution — leading to concurrent HashMap mutations and a heap use-after-free during extension reload.

    * Source/WebKit/Shared/Extensions/WebExtensionRegisteredScriptsSQLiteStore.cpp:
    (WebKit::WebExtensionRegisteredScriptsSQLiteStore::deleteScriptsWithIDs):
    (WebKit::WebExtensionRegisteredScriptsSQLiteStore::addScripts):
    (WebKit::WebExtensionRegisteredScriptsSQLiteStore::getScripts):
    * Source/WebKit/UIProcess/Extensions/WebExtensionDeclarativeNetRequestSQLiteStore.cpp:
    (WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::addRules):
    (WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::deleteRules):
    (WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::getRulesWithRuleIDs):
    * Source/WebKit/UIProcess/Extensions/WebExtensionStorageSQLiteStore.cpp:
    (WebKit::WebExtensionStorageSQLiteStore::getAllKeys):
    (WebKit::WebExtensionStorageSQLiteStore::getValuesForKeys):
    (WebKit::WebExtensionStorageSQLiteStore::getStorageSizeForAllKeys):
    (WebKit::WebExtensionStorageSQLiteStore::setKeyedData):
    (WebKit::WebExtensionStorageSQLiteStore::deleteValuesForKeys):

    Identifier: 305413.750@safari-7624-branch

Originally-landed-as: [email protected] (cbaccedd226a). rdar://180428588
Canonical link: https://commits.webkit.org/316334@main
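
The weak-null early return described in the log message above, as an added example that is not WebKit code and not part of this commit. It is a single-threaded model: `Queue`, `Store`, `getAllKeys` and the `hopToMain` switch are hypothetical stand-ins, used to show which queue the completion handler runs on when the store is destroyed before the background task executes.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Constructed model, not WebKit code: two serial queues drained on one thread.
static std::string currentQueue = "main"; // name of the queue whose task is executing

struct Queue {
    std::string name;
    std::deque<std::function<void()>> tasks;
    void dispatch(std::function<void()> task) { tasks.push_back(std::move(task)); }
    void drain()
    {
        for (currentQueue = name; !tasks.empty(); tasks.pop_front())
            tasks.front()();
        currentQueue = "main";
    }
};
static Queue mainQueue { "main", {} }, workQueue { "background", {} };

struct Store { };
using Completion = std::function<void(const std::string& error)>;

// Hypothetical store method. hopToMain=false models the pre-fix early return;
// hopToMain=true models the dispatch to the main queue the log message describes.
void getAllKeys(std::weak_ptr<Store> weakThis, bool hopToMain, Completion completion)
{
    workQueue.dispatch([=] {
        auto protectedThis = weakThis.lock();
        if (!protectedThis && !hopToMain)
            return completion("store destroyed"); // still on the background queue
        std::string error = protectedThis ? "" : "store destroyed";
        mainQueue.dispatch([=] { completion(error); });
    });
}

// Name of the queue the completion handler ran on when the store is destroyed
// between dispatch and execution, as can happen during an extension reload.
std::string completionQueueAfterStoreDestroyed(bool hopToMain)
{
    std::string ranOn = "never";
    auto store = std::make_shared<Store>();
    getAllKeys(store, hopToMain, [&ranOn](const std::string&) { ranOn = currentQueue; });
    store.reset();     // owner goes away before the background task runs
    workQueue.drain(); // background task takes the weak-null path
    mainQueue.drain();
    return ranOn;
}
```

In the model the handler only records a queue name; in a real caller it would touch main-thread-only state such as a HashMap, which is why the `hopToMain=false` path is the unsafe one.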


