Bug 230121 - Potential crash under CachedRawResource::didAddClient()
Summary: Potential crash under CachedRawResource::didAddClient()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2021-09-09 13:26 PDT by Chris Dumez
Modified: 2021-12-22 16:24 PST
CC: 5 users

See Also:

Attachments
Patch (2.85 KB, patch)
2021-09-09 13:32 PDT, Chris Dumez

Description Chris Dumez 2021-09-09 13:26:04 PDT
Potential crash under CachedRawResource::didAddClient():
50 WebCore: WebCore::SharedBuffer::forEachSegment(WTF::Function<void (WTF::Span<unsigned char const, 18446744073709551615ul> const&)> const&) const <==
        50 WebCore: WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient&)::$_0::operator()(WebCore::ResourceRequest&&)::'lambda'()::operator()() const
          50 WebCore: WTF::Detail::CallableWrapper<WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&)::$_4, void, WebCore::PolicyAction, WebCore::PolicyCheckIdentifier>::call(WebCore::PolicyAction, WebCore::PolicyCheckIdentifier)
            50 WebKit: WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, WebCore::PolicyCheckIdentifier, WTF::String const&, WTF::Function<void (WebCore::PolicyAction, WebCore::PolicyCheckIdentifier)>&&)
Comment 1 Chris Dumez 2021-09-09 13:26:19 PDT
<rdar://82936913>
Comment 2 Chris Dumez 2021-09-09 13:32:07 PDT
Created attachment 437776
Patch
Comment 3 EWS 2021-09-09 15:24:49 PDT
Committed r282241 (241524@main): <https://commits.webkit.org/241524@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 437776.
Comment 4 Jean-Yves Avenard [:jya] 2021-12-22 16:05:45 PST
We can probably revert this following bug 233442.

The inner Vector can't be modified while a SharedBuffer is in use anymore.