Avatar for the cloudflare user
cloudflare
workerd
BlogDocsChangelog

Restore strong captures in internal stream read callbacks to prevent UAF

#6202Merged
Comparing
codex/propose-fix-for-use-after-free-vulnerability
(
5014790
) with
main
(
24a00c8
)
CodSpeed Performance Gauge
0%
Untouched
70
Skipped
129

Benchmarks

199 total
arrayBufferBody[Response]
src/workerd/tests/bench-response.c++
CodSpeed Performance Gauge
+1%
17.7 µs17.6 µs
nullBodyWithStatus[Response]
src/workerd/tests/bench-response.c++
CodSpeed Performance Gauge
+1%
10.4 µs10.4 µs
simpleStringBody[Response]
src/workerd/tests/bench-response.c++
CodSpeed Performance Gauge
0%
20.2 µs20.1 µs
constructor[ApiHeaders]
src/workerd/tests/bench-api-headers.c++
CodSpeed Performance Gauge
0%
67.8 ms67.7 ms
jsonResponse[Response]
src/workerd/tests/bench-response.c++
CodSpeed Performance Gauge
0%
40.2 µs40.1 µs
bodyWithHeaders[Response]
src/workerd/tests/bench-response.c++
CodSpeed Performance Gauge
0%
30.3 µs30.2 µs
request[RegExpBenchmark]
src/workerd/tests/bench-regex.c++
CodSpeed Performance Gauge
0%
8.2 ms8.2 ms
Test_JSON_DEC
src/workerd/tests/bench-json.c++
CodSpeed Performance Gauge
0%
3.2 s3.2 s
bm_Http_OverCapnpLocalCall
external/+http+capnp-cpp/src/capnp/compat/http-over-capnp-bench.c++
CodSpeed Performance Gauge
0%
128.2 µs128.2 µs
EncodeInto_ASCII_1024[TextEncoder][1/0/1024]
src/workerd/tests/bench-text-encoder.c++
CodSpeed Performance Gauge
0%
2.5 ms2.5 ms
EncodeInto_OneByte_8192[TextEncoder][1/1/8192]
src/workerd/tests/bench-text-encoder.c++
CodSpeed Performance Gauge
0%
66.5 ms66.5 ms
bm_Http_OverCapnpFullRPC
external/+http+capnp-cpp/src/capnp/compat/http-over-capnp-bench.c++
CodSpeed Performance Gauge
0%
234.9 µs234.9 µs
JsString_Utf8Length_Utf16_Invalid_NonFlat_8192
src/workerd/tests/bench-jsstring.c++
CodSpeed Performance Gauge
0%
74.1 µs74.1 µs
JsString_Utf8Length_Utf16_Invalid_NonFlat_256
src/workerd/tests/bench-jsstring.c++
CodSpeed Performance Gauge
0%
9.3 µs9.3 µs
Parse[KjHeaders]
src/workerd/tests/bench-kj-headers.c++
CodSpeed Performance Gauge
0%
44.2 µs44.2 µs
bm_Http_Baseline
external/+http+capnp-cpp/src/capnp/compat/http-over-capnp-bench.c++
CodSpeed Performance Gauge
0%
11.1 µs11.1 µs
bm_Http_ClientWrapper
external/+http+capnp-cpp/src/capnp/compat/http-over-capnp-bench.c++
CodSpeed Performance Gauge
0%
35.8 µs35.8 µs
JsString_Utf8Length_Utf16_NonFlat_1024
src/workerd/tests/bench-jsstring.c++
CodSpeed Performance Gauge
0%
10.3 µs10.3 µs
JsString_Utf8Length_Utf16_NonFlat_8192
src/workerd/tests/bench-jsstring.c++
CodSpeed Performance Gauge
0%
24.7 µs24.7 µs
JsString_Utf8Length_Utf16_NonFlat_256
src/workerd/tests/bench-jsstring.c++
CodSpeed Performance Gauge
0%
8.2 µs8.2 µs
Serialize
src/workerd/tests/bench-mimetype.c++::Mimetype
CodSpeed Performance Gauge
0%
74.6 ms74.6 ms
bm_Coro_Immediate
external/+http+capnp-cpp/src/kj/async-bench.c++
CodSpeed Performance Gauge
0%
4.3 µs4.3 µs
ParseAndSerialize
src/workerd/tests/bench-mimetype.c++::Mimetype
CodSpeed Performance Gauge
0%
74.8 ms74.8 ms
bm_Coro_CoAwait_ImmediateCoroutine
external/+http+capnp-cpp/src/kj/async-bench.c++
CodSpeed Performance Gauge
0%
6 µs6 µs
bm_Promise_Immediate
external/+http+capnp-cpp/src/kj/async-bench.c++
CodSpeed Performance Gauge
0%
3.6 µs3.6 µs

Commits

Click on a commit to change the comparison range
Base
main
24a00c8
+0.02%
Fix internal stream read callbacks lifetime capture
5014790
2 months ago
by dknecht
© 2026 CodSpeed Technology
Home Terms Privacy Docs