WebKitGTK+ ThreadedCompositor Race Condition
Posted by deepcore on April 3, 2019 – 12:00 am
The compositor thread in WebKitGTK+ might modify a FilterOperation object’s reference count at the same time as the main thread. The resulting reference count corruption might lead to a use-after-free condition.
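
The lost-update mechanism behind this kind of reference count corruption, and the atomic counter that prevents it, as an added C++ illustration that is not WebKitGTK+ code. `PlainCount`, `AtomicCount` and the replay functions are hypothetical names, and the two-thread interleaving is a constructed schedule, not one taken from the advisory.

```cpp
// Added illustration, not WebKit code; all names here are hypothetical.
#include <atomic>

// Non-atomic count: ref()/deref() are a separate load and store, so another
// thread can run between them. The steps are exposed so one fixed two-thread
// interleaving can be replayed deterministically, without a real data race.
struct PlainCount {
    int value = 1;          // one reference held by the owner
    bool freed = false;     // set when the count reaches zero
    int load() const { return value; }
    void store(int v) { value = v; if (v == 0) freed = true; }
};

// Atomic count: each update is one indivisible read-modify-write.
struct AtomicCount {
    std::atomic<int> value{1};
    bool freed = false;
    void ref() { value.fetch_add(1, std::memory_order_relaxed); }
    void deref() {
        if (value.fetch_sub(1, std::memory_order_acq_rel) == 1) freed = true;
    }
};

// Main thread and compositor thread each take a reference at the same time,
// then each drops it. The owner's reference is never dropped.
// Returns true if the object was freed while the owner still held it.
bool replayPlain() {
    PlainCount c;
    int mainSeen = c.load();        // main: reads 1
    int compSeen = c.load();        // compositor: reads 1
    c.store(mainSeen + 1);          // main: writes 2
    c.store(compSeen + 1);          // compositor: writes 2, one increment lost
    c.store(c.load() - 1);          // compositor deref: 1
    c.store(c.load() - 1);          // main deref: 0, object freed
    return c.freed;                 // owner now holds a dangling pointer
}

// Same sequence of operations with the atomic count.
bool replayAtomic() {
    AtomicCount c;
    c.ref();                        // main: 1 -> 2
    c.ref();                        // compositor: 2 -> 3, nothing lost
    c.deref();                      // compositor: 3 -> 2
    c.deref();                      // main: 2 -> 1
    return c.freed;                 // false: owner's reference keeps it alive
}
```
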