[webkit-changes] [WebKit/WebKit] c35fc0: jsc_fuz/wktr: null ptr deref in WebCore::IDBReques...

Fri, 28 Jul 2023 11:30:57 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c35fc03694c2696aeeb50657fd250645c75d758c
      
https://github.com/WebKit/WebKit/commit/c35fc03694c2696aeeb50657fd250645c75d758c
  Author: Sihui Liu <sihui_...@apple.com>
  Date:   2023-07-28 (Fri, 28 Jul 2023)

  Changed paths:
    A 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt
    A 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt
    A 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html
    A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html
    A 
LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js
    M Source/WebCore/Modules/indexeddb/IDBRequest.cpp

  Log Message:
  -----------
  jsc_fuz/wktr: null ptr deref in 
WebCore::IDBRequest::dispatchEvent(WebCore::Event&)
rdar://110459666

Reviewed by Brady Eidson.

Make sure untrusted event does not change the internal state of IDBRequest. 
Also, move the assert that request must have
pending activity when event is being dispatched to a later point, because 
IDBRequest::dispatchEvent might be invoked
from JavaScript code (i.e. request does not actually have pending activity).

Test: storage/indexeddb/modern/request-dispatch-untrusted-event.html
      storage/indexeddb/modern/request-dispatch-untrusted-event-private.html

* 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt:
 Added.
* 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt:
 Added.
* 
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html:
 Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html: 
Added.
* 
LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js:
 Added.
(loadImage):
(openDatabase):
* Source/WebCore/Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::dispatchEvent):

Originally-landed-as: 259548.825@safari-7615-branch (9b3d228ec2cb). 
rdar://110459666
Canonical link: https://commits.webkit.org/266390@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to