286252 – Multiple crashes and assertions when calling internals API on a window without frame

RESOLVED FIXED 286252

Multiple crashes and assertions when calling internals API on a window without frame

https://bugs.webkit.org/show_bug.cgi?id=286252

Summary Multiple crashes and assertions when calling internals API on a window withou...

Frédéric Wang (:fredw)

Reported 2025-01-20 01:24:25 PST

There are multiple places in Internals.cpp that assumes a frame is present (or a document, or valid parameters) and would otherwise crash or assert. Internals object are not included in production versions of WebKit so that's not a security issue, but still that can cause reports by fuzzers.

Attachments
Add attachment proposed patch, testcase, etc.

Frédéric Wang (:fredw)

Comment 1 2025-01-20 01:46:03 PST

Pull request: https://github.com/WebKit/WebKit/pull/39285

EWS

Comment 2 2025-01-23 11:59:11 PST

Committed 289309@main (e63fe9d14548): <https://commits.webkit.org/289309@main> Reviewed commits have been landed. Closing PR #39285 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2025-01-23 12:00:22 PST

<rdar://problem/143510594>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Frédéric Wang (:fredw)

Reported

2025-01-20 01:24 PST

Modified

2025-01-23 12:00 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks

286018

Dependencies

tree graph