Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 86ec57b01ddf525c5efdaf84479a6df1af9f258a
https://github.com/WebKit/WebKit/commit/86ec57b01ddf525c5efdaf84479a6df1af9f258a
Author: Lauro Moura <[email protected]>
Date: 2026-07-03 (Fri, 03 Jul 2026)
Changed paths:
M Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp
Log Message:
-----------
[Soup] Null deref in
NetworkStorageSession::stopListeningForCookieChangeNotifications when a host is
absent from m_cookieChangeObservers
https://bugs.webkit.org/show_bug.cgi?id=318463
Reviewed by Patrick Griffis.
Safely ignore a given host if it's not found in m_cookieChangeObservers,
avoiding a potential null deref. This mirrors the Cocoa port's release
behavior. For debug builds, as the ASSERT_UNUSED(removed, removed) in
NetworkConnectionToWebProcess::unsubscribeFromCookieChangeNotifications
would have triggered earlier, we're also removing the redundant ASSERT.
This scenario can happen after a previous NetworkProcess with cookie
listeners crashes. As currently the WebCookieJar is not notified of such
crashes, it does not tell the replacement process's NetworkStorageSession
about the existing listeners. Then, when the WebCookieJar sends an
unsubscribe request, we hit the assertion or trigger the null deref on
the empty map on the storage session.
* Source/WebCore/platform/network/soup/NetworkStorageSessionSoup.cpp:
(WebCore::NetworkStorageSession::stopListeningForCookieChangeNotifications):
Canonical link: https://commits.webkit.org/316492@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications