From 4a3cd84b09aec2fd6e0349ecbea54411a18f5168 Mon Sep 17 00:00:00 2001 From: Chris Dumez Date: Sat, 22 Feb 2025 22:31:13 -0800 Subject: [PATCH] Crash under DocumentThreadableLoader::dataReceived() dereferencing an unset std::optional https://bugs.webkit.org/show_bug.cgi?id=288305 rdar://145354732 Reviewed by Charlie Wolfe. Stop passing the resource load identifier to DocumentThreadableLoader::didReceiveData() since it doesn't use it. We don't always have an identifier and it was causing crashes trying to dereferencing an unset std::optional and for no good reason since the identifier wasn't needed anyway. * Source/WebCore/loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::dataReceived): (WebCore::DocumentThreadableLoader::didReceiveData): (WebCore::DocumentThreadableLoader::loadRequest): * Source/WebCore/loader/DocumentThreadableLoader.h: Canonical link: https://commits.webkit.org/290905@main
---
 Source/WebCore/loader/DocumentThreadableLoader.cpp | 6 +++---
 Source/WebCore/loader/DocumentThreadableLoader.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
index 9a494ad4920b3..d9e30cc24a86d 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
@@ -451,10 +451,10 @@ void DocumentThreadableLoader::didReceiveResponse(ResourceLoaderIdentifier ident
 void DocumentThreadableLoader::dataReceived(CachedResource& resource, const SharedBuffer& buffer)
 {
     ASSERT_UNUSED(resource, &resource == m_resource);
-    didReceiveData(*m_resource->resourceLoaderIdentifier(), buffer);
+    didReceiveData(buffer);
 }
 
-void DocumentThreadableLoader::didReceiveData(ResourceLoaderIdentifier, const SharedBuffer& buffer)
+void DocumentThreadableLoader::didReceiveData(const SharedBuffer& buffer)
 {
     ASSERT(m_client);
 
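Review bot: The fixed call in dataReceived() carries no trace of why the identifier lookup was dropped, so a later edit can reintroduce `*m_resource->resourceLoaderIdentifier()` and the same unset-optional crash; a why-comment on the call would guard against that, e.g. `// Do not dereference m_resource->resourceLoaderIdentifier() here: it is not always set (webkit.org/b/288305) and didReceiveData() does not need it.` The same dereference presumably still feeds didReceiveResponse(ResourceLoaderIdentifier, ...) from the response callback, which is outside this hunk, and that path is worth auditing for the same precondition. didReceiveData()'s body continues past the end of the hunk.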
@@ -686,7 +686,7 @@ void DocumentThreadableLoader::loadRequest(ResourceRequest&& request, SecurityCh
     didReceiveResponse(identifier, response);
 
     if (data)
-        didReceiveData(identifier, *data);
+        didReceiveData(*data);
 
     const auto* timing = response.deprecatedNetworkLoadMetricsOrNull();
     auto resourceTiming = ResourceTiming::fromSynchronousLoad(requestURL, m_options.initiatorType, loadTiming, timing ? *timing : NetworkLoadMetrics::emptyMetrics(), response, securityOrigin());
diff --git a/Source/WebCore/loader/DocumentThreadableLoader.h b/Source/WebCore/loader/DocumentThreadableLoader.h
index 963f6f33e582b..083a389024611 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.h
+++ b/Source/WebCore/loader/DocumentThreadableLoader.h
@@ -95,7 +95,7 @@ class CachedRawResource;
     void notifyFinished(CachedResource&, const NetworkLoadMetrics&, LoadWillContinueInAnotherProcess) override;
 
     void didReceiveResponse(ResourceLoaderIdentifier, const ResourceResponse&);
-    void didReceiveData(ResourceLoaderIdentifier, const SharedBuffer&);
+    void didReceiveData(const SharedBuffer&);
     void didFinishLoading(std::optional, const NetworkLoadMetrics&);
     void didFail(std::optional, const ResourceError&);
     void makeCrossOriginAccessRequest(ResourceRequest&&);
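Review bot: After this header hunk, didReceiveResponse(ResourceLoaderIdentifier, ...) is the only one of the four sibling declarations that still demands a set identifier, while didFinishLoading and didFail already take a `std::optional` one and didReceiveData no longer takes any. If the identifier can be unset when data arrives, it can presumably also be unset when the response arrives, so whichever caller feeds didReceiveResponse still has to dereference an optional it may not hold. Either widen the declaration to `void didReceiveResponse(std::optional<ResourceLoaderIdentifier>, const ResourceResponse&);` and let the callee handle the unset case, or add a comment at the declaration stating which callers guarantee the identifier is set.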