WebKit Bugzilla
RESOLVED FIXED
Bug 279221 - REGRESSION(276827@main): Possible null pointer dereferencing when an image frame finishes decoding while the document is getting closed
https://bugs.webkit.org/show_bug.cgi?id=279221
Said Abou-Hallawa
Reported
2024-09-05 13:31:11 PDT
Before 276827@main, the image decoding thread was calling ImageSource::cachePlatformImageAtIndexAsync() on the main thread to cache the decoded frame. This function was making an early return if isDecoderAvailable() is not available.

    void ImageSource::cachePlatformImageAtIndexAsync(...)
    {
        if (!isDecoderAvailable())
            return;
        ...
    }

After 276827@main, the image decoding thread calls BitmapImageSource::imageFrameDecodeAtIndexHasFinished(), which calls BitmapImageSource::cacheMetadataAtIndex(). This function assumes the decoder has to be available:

    void BitmapImageSource::cacheMetadataAtIndex(...)
    {
        ASSERT(m_decoder);
        ...
    }

We need to restore the old check to avoid null pointer dereferencing if the document is getting closed.
Said Abou-Hallawa
Comment 1
2024-09-05 13:31:34 PDT
rdar://133487516
Said Abou-Hallawa
Comment 2
2024-09-05 13:45:33 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/33207
EWS
Comment 3
2024-09-05 17:14:22 PDT
Committed 283241@main (926b6385eb9e): <https://commits.webkit.org/283241@main>

Reviewed commits have been landed. Closing PR #33207 and removing active labels.