Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a14d1c0731137bfcf330d8706fadd983b9834b17
https://github.com/WebKit/WebKit/commit/a14d1c0731137bfcf330d8706fadd983b9834b17
Author: Youenn Fablet <[email protected]>
Date: 2026-07-01 (Wed, 01 Jul 2026)
Changed paths:
A LayoutTests/webrtc/transceiver-setCodecPreferences-closed-expected.txt
A LayoutTests/webrtc/transceiver-setCodecPreferences-closed.html
M Source/WebCore/Modules/mediastream/RTCRtpTransceiver.cpp
Log Message:
-----------
Safari & Chrome for iOS: Use-after-free in WebKit libwebrtc `RtpTransceiver`
codec state reachable via `RTCRtpTransceiver.setCodecPreferences` after
garbage-collected `RTCPeerConnection`
rdar://175625015
Reviewed by Jean-Yves Avenard.
While we should fix the RtpTransceiver/PeerConnection relationship in
libwebrtc, we instead do a short-term fix in the WebCore layer by making
RTCRtpTransceiver.setCodecPreferences a no-op when the peer connection is destroyed
or closed.
Test: webrtc/transceiver-setCodecPreferences-closed.html
* LayoutTests/webrtc/transceiver-setCodecPreferences-closed-expected.txt: Added.
* LayoutTests/webrtc/transceiver-setCodecPreferences-closed.html: Added.
* Source/WebCore/Modules/mediastream/RTCRtpTransceiver.cpp:
(WebCore::RTCRtpTransceiver::setCodecPreferences):
Originally-landed-as: 305413.781@safari-7624-branch (456c1826db44).
rdar://181076635
Canonical link: https://commits.webkit.org/316356@main
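
The guard the log message describes, as a simplified model added here for illustration; it is not WebKit or libwebrtc code. The class names, the bool return value and the use of std::weak_ptr (in place of WebKit's own pointer types) are assumptions.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for backend codec state owned by the connection.
struct CodecState { std::vector<std::string> preferred; };

// Hypothetical stand-in for the peer connection, sole owner of CodecState.
class PeerConnection {
public:
    void close() { m_closed = true; }
    bool isClosed() const { return m_closed; }
    CodecState& codecState() { return m_state; }
private:
    bool m_closed { false };
    CodecState m_state;
};

// The script-visible transceiver can outlive its connection, so it holds only
// a weak reference and re-checks it on every call that reaches backend state.
class Transceiver {
public:
    explicit Transceiver(const std::shared_ptr<PeerConnection>& pc) : m_connection(pc) { }
    // Returns true when preferences were applied, false when the call was a no-op.
    bool setCodecPreferences(const std::vector<std::string>& codecs)
    {
        auto connection = m_connection.lock(); // null once the connection is destroyed
        if (!connection || connection->isClosed())
            return false; // no backend access after close or destruction
        connection->codecState().preferred = codecs;
        return true;
    }
private:
    std::weak_ptr<PeerConnection> m_connection;
};

// Constructed scenario: call while open (+1), after close (+10), after destruction (+100).
int runScenario()
{
    auto pc = std::make_shared<PeerConnection>();
    Transceiver transceiver(pc);
    int applied = transceiver.setCodecPreferences({ "VP8" }) ? 1 : 0;
    pc->close();
    applied += transceiver.setCodecPreferences({ "H264" }) ? 10 : 0;
    pc.reset(); // models the garbage-collected RTCPeerConnection
    applied += transceiver.setCodecPreferences({ "H264" }) ? 100 : 0;
    return applied; // only the first call takes effect
}

int main() { return runScenario() == 1 ? 0 : 1; }
```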