[webkit-changes] [WebKit/WebKit] c35fc0: jsc_fuz/wktr: null ptr deref in WebCore::IDBReques...

Sihui noreply at github.com
Fri Jul 28 11:30:45 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c35fc03694c2696aeeb50657fd250645c75d758c
      https://github.com/WebKit/WebKit/commit/c35fc03694c2696aeeb50657fd250645c75d758c
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2023-07-28 (Fri, 28 Jul 2023)

  Changed paths:
    A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt
    A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt
    A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html
    A LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html
    A LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js
    M Source/WebCore/Modules/indexeddb/IDBRequest.cpp

  Log Message:
  -----------
  jsc_fuz/wktr: null ptr deref in WebCore::IDBRequest::dispatchEvent(WebCore::Event&)
rdar://110459666

Reviewed by Brady Eidson.

Make sure untrusted event does not change the internal state of IDBRequest. Also, move the assert that request must have
pending activity when event is being dispatched to a later point, because IDBRequest::dispatchEvent might be invoked
from JavaScript code (i.e. request does not actually have pending activity).

Test: storage/indexeddb/modern/request-dispatch-untrusted-event.html
      storage/indexeddb/modern/request-dispatch-untrusted-event-private.html

* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html: Added.
* LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html: Added.
* LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js: Added.
(loadImage):
(openDatabase):
* Source/WebCore/Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::dispatchEvent):

Originally-landed-as: 259548.825 at safari-7615-branch (9b3d228ec2cb). rdar://110459666
Canonical link: https://commits.webkit.org/266390@main

More information about the webkit-changes mailing list