Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 86ec57b01ddf525c5efdaf84479a6df1af9f258a
      
https://github.com/WebKit/WebKit/commit/86ec57b01ddf525c5efdaf84479a6df1af9f258a
  Author: Lauro Moura <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    M Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp

  Log Message:
  -----------
  [Soup] Null deref in NetworkStorageSession::stopListeningForCookieChangeNotifications when a host is absent from m_cookieChangeObservers
https://bugs.webkit.org/show_bug.cgi?id=318463

Reviewed by Patrick Griffis.

Safely ignore a given host if it's not found in m_cookieChangeObservers,
avoiding a potential null deref. This mirrors the Cocoa port's release
behavior. For debug builds, as the ASSERT_UNUSED(removed, removed) in
NetworkConnectionToWebProcess::unsubscribeFromCookieChangeNotifications
would have triggered earlier, we're also removing the redundant ASSERT.

This scenario can happen after a previous NetworkProcess with cookie
listeners crashes. As currently the WebCookieJar is not notified of such
crashes, it does not tell the replacement process's NetworkStorageSession
about the existing listeners. Then, when the WebCookieJar sends an
unsubscribe request, we hit the assertion or trigger the null deref on
the empty map on the storage session.

* Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp:
(WebCore::NetworkStorageSession::stopListeningForCookieChangeNotifications):

Canonical link: https://commits.webkit.org/316492@main
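
A simplified model of the scenario in the log message, added here as an illustration; it is not the patch and not WebKit code. `StorageSessionModel`, `CookieObserver` and the host names are hypothetical, and `std::unordered_map` stands in for whatever container `m_cookieChangeObservers` actually uses.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

// Hypothetical stand-ins; not WebKit's types.
struct CookieObserver { int id; };

class StorageSessionModel {
public:
    void startListening(CookieObserver& observer, const std::string& host)
    {
        m_observers[host].insert(&observer);
    }

    // Returns how many hosts were actually unsubscribed.
    // A host missing from the map is skipped instead of dereferenced.
    std::size_t stopListening(CookieObserver& observer, const std::vector<std::string>& hosts)
    {
        std::size_t removed = 0;
        for (const auto& host : hosts) {
            auto it = m_observers.find(host);
            if (it == m_observers.end())
                continue; // e.g. session recreated after a process crash
            if (it->second.erase(&observer))
                ++removed;
            if (it->second.empty())
                m_observers.erase(it); // drop the now-empty per-host set
        }
        return removed;
    }

    std::size_t hostCount() const { return m_observers.size(); }

private:
    std::unordered_map<std::string, std::unordered_set<CookieObserver*>> m_observers;
};

// Replays the sequence from the log message: subscribe, lose the process,
// then send the unsubscribe to a replacement session with an empty map.
std::size_t replayCrashScenario()
{
    CookieObserver jar { 1 };
    auto session = std::make_unique<StorageSessionModel>();
    session->startListening(jar, "example.test"); // constructed host name
    session = std::make_unique<StorageSessionModel>(); // replacement process
    return session->stopListening(jar, { "example.test" });
}
```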


