257982 – REGRESSION(262585@main): Potential null dereference of cached images in MemoryCache::destroyDecodedDataForAllImages()

Bug 257982 - REGRESSION(262585@main): Potential null dereference of cached images in MemoryCache::destroyDecodedDataForAllImages()

Summary: REGRESSION(262585@main): Potential null dereference of cached images in Memor...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Images (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Said Abou-Hallawa

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-06-12 14:57 PDT by Said Abou-Hallawa
Modified:	2023-06-12 17:12 PDT (History)
CC List:	2 users (show)

See Also:	257968

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Said Abou-Hallawa 2023-06-12 14:57:43 PDT

When the WebProcess cleanup timer fires, MemoryCache may try to release the decoded data of an already deleted CachedImage. MemoryCache stores the list of cached resources as WeakPtrs. So we need to null check these WeakPtrs in forEachResource() before using them.

Comment 1 Said Abou-Hallawa 2023-06-12 14:58:13 PDT

rdar://110339514

Comment 2 Said Abou-Hallawa 2023-06-12 15:31:14 PDT

Pull request: https://github.com/WebKit/WebKit/pull/14890

Comment 3 EWS 2023-06-12 17:12:23 PDT

Committed 265093@main (1fc9a2418bc9): <https://commits.webkit.org/265093@main>

Reviewed commits have been landed. Closing PR #14890 and removing active labels.