[webkit-changes] [WebKit/WebKit] 3f928a: [Skia] Use after free when serializing SkColorSpace

Michael Catanzaro Tue, 16 Jul 2024 04:34:32 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3f928ad98a0e59c9121db11911238adaa291c583
      
https://github.com/WebKit/WebKit/commit/3f928ad98a0e59c9121db11911238adaa291c583
  Author: Michael Catanzaro <mcatanz...@redhat.com>
  Date:   2024-07-16 (Tue, 16 Jul 2024)


  Changed paths:
    M Source/WebKit/Shared/skia/CoreIPCSkColorSpace.h

  Log Message:
  -----------
  [Skia] Use after free when serializing SkColorSpace
https://bugs.webkit.org/show_bug.cgi?id=276589

Reviewed by Philippe Normand.

We're returning a "dangling span" that references data from a
temporary SkData that has already been freed. Fix is to store the
SkData.

Unrelated: mark single-parameter constructors as explicit for good
measure.

* Source/WebKit/Shared/skia/CoreIPCSkColorSpace.h:
(WebKit::CoreIPCSkColorSpace::CoreIPCSkColorSpace):
(WebKit::CoreIPCSkColorSpace::dataReference const):

Canonical link: https://commits.webkit.org/281006@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] 3f928a: [Skia] Use after free when serializing SkColorSpace

Reply via email to