Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f58463a1dec3085693a8910d18dbfee9514e850b
https://github.com/WebKit/WebKit/commit/f58463a1dec3085693a8910d18dbfee9514e850b
Author: Nisha Jain <[email protected]>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
"Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in
readTerminal() | case RegExpTag"
https://bugs.webkit.org/show_bug.cgi?id=272692
rdar://126142587
Reviewed by Chris Dumez.
During deserialization of IDBValueToJSValue based on RegExpTag, the pointer to
regExp is returned as NULL, which causes an ASSERT.
In order to avoid this issue for Release builds, check the validity of reFlags.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
Originally-landed-as: 272448.964@safari-7618-branch (d3e1795539b0).
rdar://132957961
Canonical link: https://commits.webkit.org/282239@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes