RESOLVED FIXED296276
CVE-2025-43368 Crash under WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0, void>::call 
https://bugs.webkit.org/show_bug.cgi?id=296276
Summary Crash under WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAnd...
Chris Dumez
Reported 2025-07-21 09:01:27 PDT
Crash under WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0, void>::call: ``` 4 WTFCrashWithInfo(int, char const*, char const*, int) (WebKit) 5 WTF::CanMakeCheckedPtrBase<std::__1::atomic<unsigned int>, unsigned int>::decrementCheckedPtrCount() const (WebKit) 5 WTF::CheckedPtr<IPC::Connection::Client, WTF::RawPtrTraits<IPC::Connection::Client>>::derefIfNotNull() (WebKit) 5 WTF::CheckedPtr<IPC::Connection::Client, WTF::RawPtrTraits<IPC::Connection::Client>>::~CheckedPtr() (WebKit) 5 WTF::CheckedPtr<IPC::Connection::Client, WTF::RawPtrTraits<IPC::Connection::Client>>::~CheckedPtr() (WebKit) 5 IPC::Connection::dispatchDidCloseAndInvalidate()::$_0::operator()() const (WebKit) ==> 8 WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0, void>::call() (WebKit) <== 5 WTF::Function<void ()>::operator()() const (JavaScriptCore) | 5 WTF::RunLoop::performWork() (JavaScriptCore) | 5 WTF::RunLoop::performWork(void*) (JavaScriptCore) ```
Attachments
Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2025-07-21 09:01:36 PDT
<rdar://156192754>
Chris Dumez
Comment 2 2025-07-21 09:05:40 PDT
Pull request: https://github.com/WebKit/WebKit/pull/48326
EWS
Comment 3 2025-07-21 12:27:13 PDT
Committed 297696@main (674611789255): <https://commits.webkit.org/297696@main> Reviewed commits have been landed. Closing PR #48326 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.