| Summary: | Potential crash under CachedRawResource::didAddClient() | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebCore Misc. | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | achristensen, ews-watchlist, japhet, jean-yves.avenard, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=228108 https://bugs.webkit.org/show_bug.cgi?id=232424 | | |

Created attachment 437776
Patch

Committed r282241 (241524@main): <https://commits.webkit.org/241524@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 437776.

We can probably revert this following bug 233442. The inner Vector can't be modified while a SharedBuffer is in use anymore.

Potential crash under CachedRawResource::didAddClient():

```
50 WebCore: WebCore::SharedBuffer::forEachSegment(WTF::Function<void (WTF::Span<unsigned char const, 18446744073709551615ul> const&)> const&) const <==
50 WebCore: WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient&)::$_0::operator()(WebCore::ResourceRequest&&)::'lambda'()::operator()() const
50 WebCore: WTF::Detail::CallableWrapper<WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&)::$_4, void, WebCore::PolicyAction, WebCore::PolicyCheckIdentifier>::call(WebCore::PolicyAction, WebCore::PolicyCheckIdentifier)
50 WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, WebCore::PolicyCheckIdentifier, WTF::String const&, WTF::Function<void (WebCore::PolicyAction, WebCore::PolicyCheckIdentifier)>&&)
```