WebKit Bugzilla
RESOLVED FIXED
302197
Potential null dereference of m_target in ResizeObservation::computeTargetLocation()
https://bugs.webkit.org/show_bug.cgi?id=302197
Chris Dumez
Reported
2025-11-07 22:48:19 PST
Potential null dereference of m_target in ResizeObservation::computeTargetLocation():

```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread:
0 WebCore 0x1b33a46a4 WTFCrashWithInfo(int, char const*, char const*, int) + 24
1 WebCore 0x1b33a46a4 WTF::WeakPtr<WebCore::Element, WebCore::WeakPtrImplWithEventTargetData, WTF::RawPtrTraits<WebCore::WeakPtrImplWithEventTargetData>>::operator->() const + 24
2 WebCore 0x1b33a46a4 WebCore::ResizeObservation::computeTargetLocation() const + 24
3 WebCore 0x1b33a46a4 WebCore::ResizeObservation::computeContentRect() const + 24
4 WebCore 0x1b33a46a4 _ZZN7WebCore14ResizeObserver19deliverObservationsEvENK3$_0clIKN3WTF3RefINS_17ResizeObservationENS3_12RawPtrTraitsIS5_EENS3_21DefaultRefDerefTraitsIS5_EEEEEEDaRT_ + 24
5 WebCore 0x1b33a46a4 WTF::Vector<WTF::Ref<WebCore::ResizeObserverEntry, WTF::RawPtrTraits<WebCore::ResizeObserverEntry>, WTF::DefaultRefDerefTraits<WebCore::ResizeObserverEntry>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WTF::Vector<WTF::Ref<WebCore::ResizeObservation, WTF::RawPtrTraits<WebCore::ResizeObservation>, WTF::DefaultRefDerefTraits<WebCore::ResizeObservation>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::map<WTF::Vector<WTF::Ref<WebCore::ResizeObserverEntry, WTF::RawPtrTraits<WebCore::ResizeObserverEntry>, WTF::DefaultRefDerefTraits<WebCore::ResizeObserverEntry>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::ResizeObserver::deliverObservations()::$_0>(WebCore::ResizeObserver::deliverObservations()::$_0 const&) const + 24
6 WebCore 0x1b33a46a4 WTF::Vector<std::__1::invoke_result<WebCore::ResizeObserver::deliverObservations()::$_0, WTF::Ref<WebCore::ResizeObservation, WTF::RawPtrTraits<WebCore::ResizeObservation>, WTF::DefaultRefDerefTraits<WebCore::ResizeObservation>> const&>::type, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WTF::Vector<WTF::Ref<WebCore::ResizeObservation, WTF::RawPtrTraits<WebCore::ResizeObservation>, WTF::DefaultRefDerefTraits<WebCore::ResizeObservation>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::map<WebCore::ResizeObserver::deliverObservations()::$_0>(WebCore::ResizeObserver::deliverObservations()::$_0 const&) const + 24
```
Chris Dumez
Comment 1
2025-11-07 22:48:28 PST
<rdar://164271295>
Chris Dumez
Comment 2
2025-11-07 22:51:17 PST
Pull request: https://github.com/WebKit/WebKit/pull/53625
EWS
Comment 3
2025-11-08 05:34:20 PST
Committed 302765@main (a1c0f13ff6a0): <https://commits.webkit.org/302765@main>

Reviewed commits have been landed. Closing PR #53625 and removing active labels.