257982 – REGRESSION(262585@main): Potential null dereference of cached images in MemoryCache::destroyDecodedDataForAllImages()

RESOLVED FIXED257982

REGRESSION(262585@main): Potential null dereference of cached images in MemoryCache::destroyDecodedDataForAllImages()

https://bugs.webkit.org/show_bug.cgi?id=257982

Summary REGRESSION(262585@main): Potential null dereference of cached images in Memor...

Said Abou-Hallawa

Reported 2023-06-12 14:57:43 PDT

When the WebProcess cleanup timer fires, MemoryCache may try to release the decoded data of an already deleted CachedImage. MemoryCache stores the list of cached resources as WeakPtrs. So we need to null check these WeakPtrs in forEachResource() before using them.

Attachments
Add attachment proposed patch, testcase, etc.

Said Abou-Hallawa

Comment 1 2023-06-12 14:58:13 PDT

rdar://110339514

Said Abou-Hallawa

Comment 2 2023-06-12 15:31:14 PDT

Pull request: https://github.com/WebKit/WebKit/pull/14890

EWS

Comment 3 2023-06-12 17:12:23 PDT

Committed 265093@main (1fc9a2418bc9): <https://commits.webkit.org/265093@main> Reviewed commits have been landed. Closing PR #14890 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Images

Assignee

Said Abou-Hallawa

Reported

2023-06-12 14:57 PDT

Modified

2023-06-12 17:12 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks