Fix SIGSEGV crash in EventTarget::getTag() when instanceHandle is null#56212
Open
matthewlevy97 wants to merge 1 commit intofacebook:mainfrom
Open
Fix SIGSEGV crash in EventTarget::getTag() when instanceHandle is null#56212matthewlevy97 wants to merge 1 commit intofacebook:mainfrom
matthewlevy97 wants to merge 1 commit intofacebook:mainfrom
Conversation
Summary: Changelog: [General][Fixed] - Fix crash in EventTarget when instanceHandle is null This fixes a null pointer dereference crash in EventTarget::getTag() that occurs when instanceHandle_ is null. The crash was observed in UIManagerBinding::dispatchEventToJS() when dispatching events to JS. The EventTarget can be constructed with a null instanceHandle (as evidenced by test code and production usage), but getTag() and retain() were dereferencing it without checking for null first. This change adds defensive null checks in: 1. EventTarget::getTag() - returns -1 (invalid tag) if instanceHandle_ is null 2. EventTarget::retain() - skips getting instance handle if instanceHandle_ is null This follows the existing pattern used in ShadowNodeFamily::getInstanceHandle() which already handles the null instanceHandle_ case. Reviewed By: javache Differential Revision: D96473264
|
@matthewlevy97 has exported this pull request. If you are a Meta employee, you can view the originating Diff in D96473264. |
meta-cla
bot
added
the
CLA Signed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary:
Changelog:
[General][Fixed] - Fix crash in EventTarget when instanceHandle is null
This fixes a null pointer dereference crash in EventTarget::getTag() that occurs when instanceHandle_ is null. The crash was observed in UIManagerBinding::dispatchEventToJS() when dispatching events to JS.
The EventTarget can be constructed with a null instanceHandle (as evidenced by test code and production usage), but getTag() and retain() were dereferencing it without checking for null first.
This change adds defensive null checks in:
This follows the existing pattern used in ShadowNodeFamily::getInstanceHandle() which already handles the null instanceHandle_ case.
Reviewed By: javache
Differential Revision: D96473264