Bug 305539

Summary:	Crash under WTF::Persistence::Decoder::operator>>
Product:	WebKit	Reporter:	Chris Dumez <cdumez>
Component:	Page Loading	Assignee:	Chris Dumez <cdumez>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	beidson, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Chris Dumez

Reported 2026-01-14 21:59:46 PST

Crash under WTF::Persistence::Decoder::operator>>: ``` Thread 4 Crashed:: : 0 JavaScriptCore 0x1b2be5430 void WTF::memcpySpan<unsigned char, 18446744073709551615ul, unsigned char const, 18446744073709551615ul>(std::__1::span<unsigned char, 18446744073709551615ul>, std::__1::span<unsigned char const, 18446744073709551615ul>) + 0 (Source/WTF/wtf/StdLibExtras.h:1068) [inlined] 1 JavaScriptCore 0x1b2be5430 WTF::Persistence::Decoder& WTF::Persistence::Decoder::decodeNumber<unsigned int>(std::__1::optional<unsigned int>&) + 72 (Source/WTF/wtf/persistence/PersistentDecoder.cpp:84) [inlined] 2 JavaScriptCore 0x1b2be5430 WTF::Persistence::Decoder::operator>>(std::__1::optional<unsigned int>&) + 72 (Source/WTF/wtf/persistence/PersistentDecoder.cpp:114) 3 WebKit 0x1b1ba6f78 WebKit::decodeRecordMetaData(std::__1::span<unsigned char const, 18446744073709551615ul>) + 68 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:163) [inlined] 4 WebKit 0x1b1ba6f78 WebKit::readRecordInfoFromFileData(std::__1::array<unsigned char, 8ul> const&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 156 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:290) 5 WebKit 0x1b1ba6f78 WebKit::decodeRecordMetaData(std::__1::span<unsigned char const, 18446744073709551615ul>) + 68 (/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:163) [inlined] 6 WebKit 0x1b1ba6f78 WebKit::readRecordInfoFromFileData(std::__1::array<unsigned char, 8ul> const&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 156 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:290) 7 WebKit 0x1b1bba4ec WebKit::CacheStorageDiskStore::readRecordFromFileData(std::__1::span<unsigned char const, 18446744073709551615ul>, WTF::FileSystemImpl::MappedFileData&&) + 20 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:314) [inlined] ```

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2026-01-14 21:59:58 PST

rdar://155698666

Chris Dumez

Comment 2 2026-01-14 22:12:35 PST

Pull request: https://github.com/WebKit/WebKit/pull/56617

EWS

Comment 3 2026-01-16 01:21:03 PST

Committed 305698@main (d939960fe8b1): <https://commits.webkit.org/305698@main> Reviewed commits have been landed. Closing PR #56617 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.