Bug 241162

Summary:	WeakHashMap::ensure() may crash if the map contains null references
Product:	WebKit	Reporter:	Chris Dumez <cdumez>
Component:	Web Template Framework	Assignee:	Chris Dumez <cdumez>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=241141

Chris Dumez

Reported 2022-05-31 16:30:23 PDT

WeakHashMap::ensure() may crash if the map contains null references, because the WeakHashMap iterator destructor can clear null references and the AddResult constructor copies and destroys the input iterator.

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2022-05-31 16:43:18 PDT

Pull request: https://github.com/WebKit/WebKit/pull/1196

EWS

Comment 2 2022-06-01 09:59:30 PDT

Committed r295092 (251187@main): <https://commits.webkit.org/251187@main> Reviewed commits have been landed. Closing PR #1196 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2022-06-01 10:00:14 PDT

<rdar://problem/94229617>

Note You need to log in before you can comment on or make changes to this bug.