Summary: | Crash in WebCore::ServiceWorkerGlobalScope
---|---
Product: | WebKit
Component: | Service Workers
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | WebKit Nightly Build
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Alicia Boya García <aboya>
Assignee: | youenn fablet <youennf>
CC: | achristensen, bfulgham, commit-queue, mcatanzaro, product-security, webkit-bug-importer, youennf
Keywords: | InRadar

Description
Alicia Boya García
2018-12-07 13:50:26 PST
(Note that null pointer dereference is at worst a DoS issue, so I don't think this needs to remain private.)

Just from quick code inspection:

    connection->skipWaiting(workerThread->identifier(), [workerThread = WTFMove(workerThread), requestIdentifier] {

This is illegal because workerThread could be moved from in the second argument before the first argument is evaluated. It needs a temporary variable to hold the result of workerThread->identifier().

Created attachment 358327
Patch

Comment on attachment 358327
Patch

Clearing flags on attachment: 358327

Committed r239620: <https://trac.webkit.org/changeset/239620>

All reviewed patches have been landed. Closing bug.
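
The evaluation-order hazard described in the report and the temporary-variable fix it asks for, as an added C++ example that is not WebKit code. WorkerThread, Connection and both function names are hypothetical stand-ins, with std::shared_ptr and std::move used in place of WebKit's ref-counted pointer and WTFMove.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-ins for the WebKit types named in the report.
struct WorkerThread {
    uint64_t id;
    uint64_t identifier() const { return id; }
};

struct Connection {
    uint64_t lastIdentifier = 0;
    std::function<uint64_t()> pending;
    void skipWaiting(uint64_t identifier, std::function<uint64_t()> callback) {
        lastIdentifier = identifier;
        pending = std::move(callback);
    }
};

// The hazardous order, forced by hand: build the lambda (the second argument)
// first. Its init-capture empties the outer pointer, so evaluating
// workerThread->identifier() afterwards would dereference null.
bool outerPointerIsEmptyAfterCapture() {
    auto workerThread = std::make_shared<WorkerThread>(WorkerThread{42});
    auto callback = [workerThread = std::move(workerThread)] { return workerThread->identifier(); };
    return workerThread == nullptr && callback() == 42;
}

// The fix the report asks for: read the identifier into a temporary, which is
// sequenced before the call expression, and only then move the pointer.
uint64_t skipWaitingFixed(Connection& connection, std::shared_ptr<WorkerThread> workerThread, uint64_t requestIdentifier) {
    auto identifier = workerThread->identifier();
    connection.skipWaiting(identifier, [workerThread = std::move(workerThread), requestIdentifier] {
        return workerThread->identifier() + requestIdentifier;
    });
    return connection.lastIdentifier;
}

int main() {
    Connection connection;
    bool ok = outerPointerIsEmptyAfterCapture()
        && skipWaitingFixed(connection, std::make_shared<WorkerThread>(WorkerThread{42}), 7) == 42
        && connection.pending() == 49;
    return ok ? 0 : 1;
}
```

The order in which a compiler evaluates function arguments is unspecified, so the original one-line call can pass testing on one toolchain and crash on another.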