mirror/browser
1
0
Fork 0
mirror of https://github.com/lightpanda-io/browser.git synced 2026-06-11 01:25:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2364 from lightpanda-io/response_double_free

Browse Source 
Protect against response double-free
This commit is contained in:
Karl Seguin
2026-05-06 07:53:26 +08:00
committed by GitHub
parent 0ca3f2d8ec 8ee644d9bf
commit a3891c4f68
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/browser/webapi/net/Fetch.zig
View File

@@ -249,10 +249,17 @@ fn httpErrorCallback(ctx: *anyopaque, err: anyerror) void {
var response = self._response;
response._http_response = null;
// Capture this before we reject. Rejection could trigger httpShutdownCallback
// (via a microtask callback). But if we're here, then we'll take care of
// cleaning up when we're done.
const owns_response = self._owns_response;
self._owns_response = false;
// the response is only passed on v8 on success, if we're here, it's safe to
// clear this. (defer since `self is in the response's arena).
defer if (self._owns_response) {
defer if (owns_response) {
response.deinit(self._exec.context.page);
};
@@ -266,10 +273,6 @@ fn httpErrorCallback(ctx: *anyopaque, err: anyerror) void {
fn httpShutdownCallback(ctx: *anyopaque) void {
const self: *Fetch = @ptrCast(@alignCast(ctx));
if (comptime IS_DEBUG) {
// should always be true
std.debug.assert(self._owns_response);
}
if (self._owns_response) {
var response = self._response;