Skip to content

Commit

Permalink
Handle potential overflow of gamepadEventListenerCount.
Browse files Browse the repository at this point in the history 
https://bugs.webkit.org/show_bug.cgi?id=256205.
rdar://80838189.

Reviewed by Ryosuke Niwa.

m_gamepadEventListenerCount can overflow if addEventListener() is called UINT_MAX+1 times.
Once the window is freed, we will be left with a dangling pointer in the GamepadManager.
This change adds a flag to check for overflow and keep the behavior same in the event of overflow..

* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::~DOMWindow):
(WebCore::DOMWindow::incrementGamepadEventListenerCount):
(WebCore::DOMWindow::decrementGamepadEventListenerCount):
* Source/WebCore/page/DOMWindow.h:

Canonical link: https://commits.webkit.org/259548.729@safari-7615-branch
  • Loading branch information
@arunsundarapple @johnwilander
arunsundarapple authored and johnwilander committed May 4, 2023
1 parent 4206d48 commit 5cc2ead
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Source/WebCore/page/DOMWindow.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -479,7 +479,7 @@ class DOMWindow final
#endif

#if ENABLE(GAMEPAD)
unsigned m_gamepadEventListenerCount { 0 };
uint64_t m_gamepadEventListenerCount { 0 };
#endif

mutable RefPtr<Storage> m_sessionStorage;
Expand Down

0 comments on commit 5cc2ead

Please sign in to comment.