Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: abe6e8251b31e2ee9af8040938d6cc532f296df8
https://github.com/WebKit/WebKit/commit/abe6e8251b31e2ee9af8040938d6cc532f296df8
Author: Timothy Hatcher <[email protected]>
Date: 2026-07-01 (Wed, 01 Jul 2026)
Changed paths:
M
Source/WebKit/Shared/Extensions/WebExtensionRegisteredScriptsSQLiteStore.cpp
M
Source/WebKit/UIProcess/Extensions/WebExtensionDeclarativeNetRequestSQLiteStore.cpp
Log Message:
-----------
Cherry-pick ef8d2c8530b9. rdar://175672652
Web Extensions: dispatch completionHandler to main thread on weak-null
paths in SQLiteStore subclasses.
https://webkit.org/b/313468
rdar://175672652
Reviewed by Brian Weinstein.
Dispatch completionHandler to the main thread when the weak-null
early-return path is taken in WebExtensionSQLiteStore
subclasses. The !protectedThis paths were invoking completionHandler
directly on the background WorkQueue, while callers
assume main-thread execution — leading to concurrent HashMap mutations and
a heap use-after-free during extension reload.
*
Source/WebKit/Shared/Extensions/WebExtensionRegisteredScriptsSQLiteStore.cpp:
(WebKit::WebExtensionRegisteredScriptsSQLiteStore::deleteScriptsWithIDs):
(WebKit::WebExtensionRegisteredScriptsSQLiteStore::addScripts):
(WebKit::WebExtensionRegisteredScriptsSQLiteStore::getScripts):
*
Source/WebKit/UIProcess/Extensions/WebExtensionDeclarativeNetRequestSQLiteStore.cpp:
(WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::addRules):
(WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::deleteRules):
(WebKit::WebExtensionDeclarativeNetRequestSQLiteStore::getRulesWithRuleIDs):
* Source/WebKit/UIProcess/Extensions/WebExtensionStorageSQLiteStore.cpp:
(WebKit::WebExtensionStorageSQLiteStore::getAllKeys):
(WebKit::WebExtensionStorageSQLiteStore::getValuesForKeys):
(WebKit::WebExtensionStorageSQLiteStore::getStorageSizeForAllKeys):
(WebKit::WebExtensionStorageSQLiteStore::setKeyedData):
(WebKit::WebExtensionStorageSQLiteStore::deleteValuesForKeys):
Identifier: 305413.750@safari-7624-branch
Originally-landed-as: [email protected] (cbaccedd226a).
rdar://180428588
Canonical link: https://commits.webkit.org/316334@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications