Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 8653dfc68de69af36ba39186e20402fe98cbdf36
      
https://github.com/WebKit/WebKit/commit/8653dfc68de69af36ba39186e20402fe98cbdf36
  Author: Abrar Rahman Protyasha <[email protected]>
  Date:   2025-07-22 (Tue, 22 Jul 2025)

  Changed paths:
    M Source/WebKit/WebProcess/Plugins/PDF/PDFIncrementalLoader.mm
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPluginBase.mm

  Log Message:
  -----------
  Web process still crashes under PDFPluginBase::dataSpanForRange() after 295775@main
https://bugs.webkit.org/show_bug.cgi?id=296318
rdar://155917281

Reviewed by Wenson Hsieh.

The web content process is still occasionally crashing under
PDFPluginBase::dataSpanForRange(). While the root cause is yet to be
determined, code inspection suggests there is a possibility for the
m_streamedBytes count and the m_data buffer length to be out of sync, in
which case comparisons against (source + offset) for range validity
could be different when referencing either.

This patch makes dataSpanForRange() more robust against crashes by
addressing this specific scenario. Instead of blindly returning true if
source + offset < m_streamedBytes, we instead return the source + offset
comparison against the data buffer size. This way, the latter is treated
as the source of ground truth.

* Source/WebKit/WebProcess/Plugins/PDF/PDFIncrementalLoader.mm:
(WebKit::PDFIncrementalLoader::PDFIncrementalLoader):
(WebKit::PDFIncrementalLoader::threadEntry):
    Some drive-by code hygiene fixes.
* Source/WebKit/WebProcess/Plugins/PDF/PDFPluginBase.mm:
(WebKit::PDFPluginBase::dataSpanForRange const):

Canonical link: https://commits.webkit.org/297764@main
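
The scenario the log message describes, a streamed-byte counter drifting away from the real buffer length, shown as an added C++ example (not code from this commit or from WebKit). `StreamedDocument`, `ByteSpan` and both functions are hypothetical names, and the desynced state is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a loader that appends streamed bytes to a buffer
// and keeps a separate running count. Names are illustrative, not WebKit's.
struct StreamedDocument {
    std::vector<uint8_t> data;  // bytes actually held
    size_t streamedBytes = 0;   // bookkeeping counter that can drift from data.size()
};

struct ByteSpan {
    const uint8_t* ptr;
    size_t length;
    bool valid;
};

// "Before" shape: validity is decided from the counter alone. Only the
// decision is returned, so this example never performs the bad read.
bool rangeAcceptedByCounter(const StreamedDocument& doc, size_t position, size_t count)
{
    return position + count <= doc.streamedBytes; // unsigned sum can also wrap
}

// "After" shape: the buffer's own size is the ground truth, and the
// comparison is arranged so position + count cannot wrap around.
ByteSpan spanForRangeChecked(const StreamedDocument& doc, size_t position, size_t count)
{
    const size_t available = doc.data.size();
    if (position > available || count > available - position)
        return { nullptr, 0, false };
    return { doc.data.data() + position, count, true };
}

// Constructed state: the counter claims 4096 bytes, the buffer holds 1024.
StreamedDocument makeDesyncedDocument()
{
    StreamedDocument doc;
    doc.data.assign(1024, 0x25);
    doc.streamedBytes = 4096;
    return doc;
}

int main()
{
    StreamedDocument doc = makeDesyncedDocument();
    std::printf("counter accepts [2048, 2560): %d\n", rangeAcceptedByCounter(doc, 2048, 512));
    std::printf("buffer accepts  [2048, 2560): %d\n", spanForRangeChecked(doc, 2048, 512).valid);
    return 0;
}
```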


