Bug 241162

Summary: WeakHashMap::ensure() may crash if the map contains null references
Product: WebKit
Component: Web Template Framework
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Chris Dumez <cdumez>
Assignee: Chris Dumez <cdumez>
CC: webkit-bug-importer
Keywords: InRadar
See Also: https://bugs.webkit.org/show_bug.cgi?id=241141

Description Chris Dumez 2022-05-31 16:30:23 PDT
WeakHashMap::ensure() may crash if the map contains null references, because the WeakHashMap iterator destructor can clear null references and the AddResult constructor copies and destroys the input iterator.
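
The failure mode described above, reduced to a toy model as an added example (not WebKit's code and not the landed fix). `ToyWeakMap`, its generation counter and `iteratorInvalidAfterCopy` are hypothetical names, and pruning before iterating is only one mitigation that works in this model.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Toy model (assumption), not WebKit's WeakHashMap: keys are weak references,
// and destroying an iterator prunes entries whose key has died.
struct ToyWeakMap {
    using Slot = std::pair<std::weak_ptr<int>, int>;
    std::vector<Slot> slots;
    unsigned generation = 0; // bumped whenever pruning shifts entries
    void prune() {
        auto firstDead = std::remove_if(slots.begin(), slots.end(),
                                        [](const Slot& s) { return s.first.expired(); });
        if (firstDead != slots.end()) { slots.erase(firstDead, slots.end()); ++generation; }
    }
    struct Iterator {
        ToyWeakMap* map; std::size_t index; unsigned seenGeneration;
        Iterator(ToyWeakMap& m, std::size_t i) : map(&m), index(i), seenGeneration(m.generation) {}
        ~Iterator() { map->prune(); } // destructor mutates the container
        bool valid() const { return seenGeneration == map->generation && index < map->slots.size(); }
    };
};

// Returns true if the caller's iterator is invalid after a by-value copy of it
// (such as a result object taking the iterator by value) has been destroyed.
bool iteratorInvalidAfterCopy(bool pruneFirst) {
    ToyWeakMap map;
    auto dead = std::make_shared<int>(1);
    auto live = std::make_shared<int>(2);
    map.slots.emplace_back(dead, 10);
    map.slots.emplace_back(live, 20);
    dead.reset();                // first entry is now a null reference
    if (pruneFirst) map.prune(); // mitigation in this model: prune before iterating
    ToyWeakMap::Iterator it(map, map.slots.size() - 1); // points at the live entry
    { ToyWeakMap::Iterator copy(it); }                  // temporary copy dies here
    return !it.valid();
}

int main() {
    std::printf("null entry present: invalid=%d\n", iteratorInvalidAfterCopy(false));
    std::printf("pruned beforehand:  invalid=%d\n", iteratorInvalidAfterCopy(true));
}
```

The generation counter makes the invalidation observable without dereferencing the stale position; in a real container the same sequence would be a use of an invalidated iterator.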
Comment 1 Chris Dumez 2022-05-31 16:43:18 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1196
Comment 2 EWS 2022-06-01 09:59:30 PDT
Committed r295092 (251187@main): <https://commits.webkit.org/251187@main>

Reviewed commits have been landed. Closing PR #1196 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-06-01 10:00:14 PDT
<rdar://problem/94229617>