Bug 269754

Summary:	REGRESSION(274288@main): Null pointer dereference in `WebPageProxy::activityStateDidChange()`
Product:	WebKit	Reporter:	Charlie Wolfe <charliew>
Component:	WebKit Misc.	Assignee:	Charlie Wolfe <charliew>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	cdumez, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Charlie Wolfe

Reported 2024-02-19 14:27:26 PST

`m_pageClient` is protected in `decidePolicyForNavigationAction()`, but not passed to the created lambdas. When `Transaction` is destructed, `activityStateDidChange()` tries to create a strong reference to `m_pageClient`, but it may already be destroyed. We should pass `protectedPageClient` into the lambdas where `Transaction` is used.

Attachments
Add attachment proposed patch, testcase, etc.

Charlie Wolfe

Comment 1 2024-02-19 14:27:32 PST

rdar://123032571

Charlie Wolfe

Comment 2 2024-02-19 14:31:06 PST

Pull request: https://github.com/WebKit/WebKit/pull/24778

EWS

Comment 3 2024-02-19 21:19:25 PST

Committed 275019@main (350492890293): <https://commits.webkit.org/275019@main> Reviewed commits have been landed. Closing PR #24778 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.