305539 – Crash under WTF::Persistence::Decoder::operator>>

RESOLVED FIXED305539

Crash under WTF::Persistence::Decoder::operator>>

https://bugs.webkit.org/show_bug.cgi?id=305539

Summary Crash under WTF::Persistence::Decoder::operator>>

Chris Dumez

Reported 2026-01-14 21:59:46 PST

Crash under WTF::Persistence::Decoder::operator>>: ``` Thread 4 Crashed:: : 0 JavaScriptCore 0x1b2be5430 void WTF::memcpySpan<unsigned char, 18446744073709551615ul, unsigned char const, 18446744073709551615ul>(std::__1::span<unsigned char, 18446744073709551615ul>, std::__1::span<unsigned char const, 18446744073709551615ul>) + 0 (Source/WTF/wtf/StdLibExtras.h:1068) [inlined] 1 JavaScriptCore 0x1b2be5430 WTF::Persistence::Decoder& WTF::Persistence::Decoder::decodeNumber<unsigned int>(std::__1::optional<unsigned int>&) + 72 (Source/WTF/wtf/persistence/PersistentDecoder.cpp:84) [inlined] 2 JavaScriptCore 0x1b2be5430 WTF::Persistence::Decoder::operator>>(std::__1::optional<unsigned int>&) + 72 (Source/WTF/wtf/persistence/PersistentDecoder.cpp:114) 3 WebKit 0x1b1ba6f78 WebKit::decodeRecordMetaData(std::__1::span<unsigned char const, 18446744073709551615ul>) + 68 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:163) [inlined] 4 WebKit 0x1b1ba6f78 WebKit::readRecordInfoFromFileData(std::__1::array<unsigned char, 8ul> const&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 156 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:290) 5 WebKit 0x1b1ba6f78 WebKit::decodeRecordMetaData(std::__1::span<unsigned char const, 18446744073709551615ul>) + 68 (/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:163) [inlined] 6 WebKit 0x1b1ba6f78 WebKit::readRecordInfoFromFileData(std::__1::array<unsigned char, 8ul> const&, std::__1::span<unsigned char const, 18446744073709551615ul>) + 156 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:290) 7 WebKit 0x1b1bba4ec WebKit::CacheStorageDiskStore::readRecordFromFileData(std::__1::span<unsigned char const, 18446744073709551615ul>, WTF::FileSystemImpl::MappedFileData&&) + 20 (Source/WebKit/NetworkProcess/storage/CacheStorageDiskStore.cpp:314) [inlined] ```

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2026-01-14 21:59:58 PST

rdar://155698666

Chris Dumez

Comment 2 2026-01-14 22:12:35 PST

Pull request: https://github.com/WebKit/WebKit/pull/56617

EWS

Comment 3 2026-01-16 01:21:03 PST

Committed 305698@main (d939960fe8b1): <https://commits.webkit.org/305698@main> Reviewed commits have been landed. Closing PR #56617 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Page Loading

Assignee

Chris Dumez

Reported

2026-01-14 21:59 PST

Modified

2026-01-16 01:21 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks