Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f9641bf127f539a4388e261e67ef912a24d9702c
    https://github.com/WebKit/WebKit/commit/f9641bf127f539a4388e261e67ef912a24d9702c
Author: Pedro Varangot <pvaran...@apple.com>
Date: 2025-06-04 (Wed, 04 Jun 2025)

Changed paths:
  A LayoutTests/ipc/storage-area-cache-use-after-free-expected.txt
  A LayoutTests/ipc/storage-area-cache-use-after-free.html
  M Source/WebKit/NetworkProcess/storage/SQLiteStorageArea.cpp

Log Message:
-----------
Repeated IPC calls to StorageArea may loop over freed cache after closing connection, leading to use after free
https://bugs.webkit.org/show_bug.cgi?id=289571
rdar://146475370

Reviewed by Sihui Liu.

This fixes the bug by printing an error and returning empty data if an error happens with the database

* LayoutTests/ipc/coreipc.js:
(splitClassAndFunction):
(CoreIPCClass.prototype.initializeMessageByName):
(CoreIPCClass.prototype.initializeMessages):
(CoreIPCClass.prototype.generateSendingFunction):
(export.StreamConnectionInterface):
(export.StreamConnectionInterface.prototype.getIdentifier):
(export.StreamConnectionInterface.prototype.initializeMessages):
(export.StreamConnectionInterface.prototype.generateStreamSendingFunction):
(export.ArgumentSerializer.parseTemplate):
(export.ArgumentSerializer):
* LayoutTests/ipc/storage-area-cache-use-after-free-expected.txt: Added.
* LayoutTests/ipc/storage-area-cache-use-after-free.html: Added.
* Source/WebKit/NetworkProcess/storage/SQLiteStorageArea.cpp:
(WebKit::SQLiteStorageArea::allItems):

Originally-landed-as: 289651.283@safari-7621-branch (7719e167beea). rdar://151707003
Canonical link: https://commits.webkit.org/295838@main