pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/WebKit/WebKit/pull/60803

om/assets/global-68dd150ce6c8e711.css" /> ZStream: deflateEnd() called after inflateInit2() via DecompressionStream → invalid free (UB/crash) by robert-jenner · Pull Request #60803 · WebKit/WebKit · GitHub
Skip to content

ZStream: deflateEnd() called after inflateInit2() via DecompressionStream → invalid free (UB/crash)#60803

Merged
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
robert-jenner:eng/172771351
Mar 18, 2026
Merged

ZStream: deflateEnd() called after inflateInit2() via DecompressionStream → invalid free (UB/crash)#60803
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
robert-jenner:eng/172771351

Conversation

@robert-jenner
Copy link
Contributor

@robert-jenner robert-jenner commented Mar 17, 2026
edited by webkit-early-warning-system
Loading

43a1b0b

ZStream: deflateEnd() called after inflateInit2() via DecompressionStream → invalid free (UB/crash)
https://bugs.webkit.org/show_bug.cgi?id=302216
rdar://164363410

Reviewed by Chris Dumez.

Ensure that we properly select inflateEnd vs deflateEnd when closing a stream.

No new test because I was not able to get this to crash locally, but it is the correct fix.

* Source/WebCore/Modules/compression/ZStream.cpp:
(WebCore::ZStream::initializeIfNecessary):
(WebCore::ZStream::~ZStream):
* Source/WebCore/Modules/compression/ZStream.h:

Originally-landed-as: 301765.318@safari-7623-branch (f0c4a925385f). rdar://172771351
Canonical link: https://commits.webkit.org/309446@main

d45e87b

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows Apple Internal
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win ✅ 🛠 ios-apple
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests loading 🛠 mac-apple
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe ✅ 🛠 vision-apple
✅ 🧪 ios-wk2-wpt ✅ 🧪 api-mac-debug ✅ 🛠 gtk3-libwebrtc
✅ 🧪 api-ios ✅ 🧪 mac-wk1 ✅ 🛠 gtk
✅ 🛠 ios-safer-cpp ✅ 🧪 mac-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🛠 playstation
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@robert-jenner robert-jenner self-assigned this Mar 17, 2026
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Mar 17, 2026
edited
Loading

EWS run on current version of this PR (hash d45e87b)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows Apple Internal
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win ✅ 🛠 ios-apple
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests loading 🛠 mac-apple
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe ✅ 🛠 vision-apple
✅ 🧪 ios-wk2-wpt ✅ 🧪 api-mac-debug ✅ 🛠 gtk3-libwebrtc
✅ 🧪 api-ios ✅ 🧪 mac-wk1 ✅ 🛠 gtk
✅ 🛠 ios-safer-cpp ✅ 🧪 mac-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🛠 playstation
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@robert-jenner robert-jenner added the safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks label Mar 17, 2026
@fujii fujii mentioned this pull request Mar 17, 2026
Closed
@webkit-ews-buildbot webkit-ews-buildbot added merge-queue Applied to send a pull request to merge-queue and removed safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks labels Mar 18, 2026
@webkit-ews-buildbot
Copy link
Collaborator

webkit-ews-buildbot commented Mar 18, 2026

Safe-Merge-Queue: Build #86944.

@stwrt @robert-jenner
ZStream: deflateEnd() called after inflateInit2() via DecompressionSt…
43a1b0b 
…ream → invalid free (UB/crash)

https://bugs.webkit.org/show_bug.cgi?id=302216
rdar://164363410

Reviewed by Chris Dumez.

Ensure that we properly select inflateEnd vs deflateEnd when closing a stream.

No new test because I was not able to get this to crash locally, but it is the correct fix.

* Source/WebCore/Modules/compression/ZStream.cpp:
(WebCore::ZStream::initializeIfNecessary):
(WebCore::ZStream::~ZStream):
* Source/WebCore/Modules/compression/ZStream.h:

Originally-landed-as: 301765.318@safari-7623-branch (f0c4a925385f). rdar://172771351
Canonical link: https://commits.webkit.org/309446@main
@webkit-commit-queue
Copy link
Collaborator

webkit-commit-queue commented Mar 18, 2026

Committed 309446@main (43a1b0b): https://commits.webkit.org/309446@main

Reviewed commits have been landed. Closing PR #60803 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 43a1b0b into WebKit:main Mar 18, 2026
@webkit-commit-queue webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@robert-jenner robert-jenner

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@robert-jenner @webkit-early-warning-system @webkit-ews-buildbot @webkit-commit-queue @stwrt
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy