[webkit-changes] [WebKit/WebKit] 581d4c: Null pointer dereference in LegacyWebArchive::prot...

Thu, 06 Nov 2025 16:19:25 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 581d4c4b644927f8412212387fd19c6acc595f58
      
https://github.com/WebKit/WebKit/commit/581d4c4b644927f8412212387fd19c6acc595f58
  Author: Sihui Liu <[email protected]>
  Date:   2025-11-06 (Thu, 06 Nov 2025)

  Changed paths:
    M Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp
    M Source/WebCore/loader/archive/cf/LegacyWebArchive.h
    M Source/WebKitLegacy/mac/WebView/WebArchive.mm

  Log Message:
  -----------
  Null pointer dereference in LegacyWebArchive::protectedMainResource()
https://bugs.webkit.org/show_bug.cgi?id=302063
rdar://164088405

Reviewed by Ryosuke Niwa and Anne van Kesteren.

Archive::mainResource() can return nullptr and 
LegacyWebArchive::protectedMainResource() currently defererences it
without null check, so we are seeing crashes. However, LegacyWebArchive should 
not be created with null main resource,
as it cannot be loaded anyways. So instead of adding null check in 
protectedMainResource(), this patch fixes the crash
by ensuring LegacyWebArchive is always created non-null main resource: 
LegacyWebArchive::create*() functions now returns
nullptr instead of default LegacyWebArchive object on error.

* Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp:
(WebCore::LegacyWebArchive::create):
(WebCore::LegacyWebArchive::createInternal):
(WebCore::LegacyWebArchive::extract): Deleted.
* Source/WebCore/loader/archive/cf/LegacyWebArchive.h:
* Source/WebKitLegacy/mac/WebView/WebArchive.mm:
(-[WebArchivePrivate init]):

Canonical link: https://commits.webkit.org/302691@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to