Skip to content

Commit

Permalink
Cherry-pick 259548.729@safari-7615-branch (5cc2ead). https://bugs.web…
Browse files Browse the repository at this point in the history 
…kit.org/show_bug.cgi?id=256205.

    Handle potential overflow of gamepadEventListenerCount.
    https://bugs.webkit.org/show_bug.cgi?id=256205.
    rdar://80838189.

    Reviewed by Ryosuke Niwa.

    m_gamepadEventListenerCount can overflow if addEventListener() is called UINT_MAX+1 times.
    Once the window is freed, we will be left with a dangling pointer in the GamepadManager.
    This change adds a flag to check for overflow and keep the behavior same in the event of overflow..

    * Source/WebCore/page/DOMWindow.cpp:
    (WebCore::DOMWindow::~DOMWindow):
    (WebCore::DOMWindow::incrementGamepadEventListenerCount):
    (WebCore::DOMWindow::decrementGamepadEventListenerCount):
    * Source/WebCore/page/DOMWindow.h:

    Canonical link: https://commits.webkit.org/259548.729@safari-7615-branch
  • Loading branch information
@arunsundarapple @mcatanzaro
arunsundarapple authored and mcatanzaro committed Jul 28, 2023
1 parent 2a8268d commit 8c36278
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Source/WebCore/page/DOMWindow.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -477,7 +477,7 @@ class DOMWindow final
#endif

#if ENABLE(GAMEPAD)
unsigned m_gamepadEventListenerCount { 0 };
uint64_t m_gamepadEventListenerCount { 0 };
#endif

mutable RefPtr<Storage> m_sessionStorage;
Expand Down

0 comments on commit 8c36278

Please sign in to comment.