[webkit-changes] [WebKit/WebKit] 865133: Make all sensitive $vm properties not enumerable ...
Commit Queue
noreply at github.com
Mon Oct 16 07:28:56 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 86513355ed9fd7714834054a3112b92206344cac
https://github.com/WebKit/WebKit/commit/86513355ed9fd7714834054a3112b92206344cac
Author: Mark Lam <mark.lam at apple.com>
Date: 2023-10-16 (Mon, 16 Oct 2023)
Changed paths:
M Source/JavaScriptCore/tools/JSDollarVM.cpp
M Source/JavaScriptCore/tools/JSDollarVM.h
Log Message:
-----------
Make all sensitive $vm properties not enumerable by Object.getOwnPropertyNames.
https://bugs.webkit.org/show_bug.cgi?id=263187
rdar://112814894

Reviewed by Keith Miller and Justin Michaud.

$vm functions are not meant to be enumerable. That's why all of them have the DontEnum attribute.
However, Object.getOwnPropertyNames does not honor this by default. As a result, this can trip up
fuzzers that happen to enumerate it with Object.getOwnPropertyNames.

The fix is to make JSDollarVM OverridesGetOwnPropertyNames, and have its getOwnPropertyNames
method always exclude DontEnum properties as expected.

* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSDollarVM::getOwnPropertyNames):
* Source/JavaScriptCore/tools/JSDollarVM.h:
Canonical link: https://commits.webkit.org/269361@main
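
The enumeration behaviour this log message describes, as an added example that is not part of the commit or of JavaScriptCore: non-enumerable properties are skipped by for-in and Object.keys but still listed by Object.getOwnPropertyNames, and a Proxy wrapper emulates filtering them out. The names makeFakeVM, enumerate and hideDontEnum are hypothetical, and the Proxy is only a script-level stand-in for the C++ getOwnPropertyNames override.

```javascript
// Added illustration; makeFakeVM, enumerate and hideDontEnum are hypothetical
// names and none of this is JavaScriptCore code.

// Stand-in for a debugging object whose functions all carry DontEnum.
function makeFakeVM() {
  const vm = {};
  for (const name of ["crash", "dumpHeap"]) {
    Object.defineProperty(vm, name, {
      value: function () { return name; }, // harmless placeholder body
      enumerable: false,                   // the DontEnum attribute
      writable: true,
      configurable: true,
    });
  }
  return vm;
}

// The three common ways a generated test program lists an object's properties.
function enumerate(obj) {
  const forIn = [];
  for (const k in obj) forIn.push(k);
  return {
    forIn,                                     // honours DontEnum
    keys: Object.keys(obj),                    // honours DontEnum
    ownNames: Object.getOwnPropertyNames(obj), // ignores DontEnum by default
  };
}

// Emulates the described fix: own-key listing drops non-enumerable properties.
// Works here because the properties are configurable and the target is
// extensible; Proxy invariants forbid hiding non-configurable keys.
function hideDontEnum(target) {
  return new Proxy(target, {
    ownKeys(t) {
      return Reflect.ownKeys(t).filter(
        (k) => Object.getOwnPropertyDescriptor(t, k).enumerable
      );
    },
  });
}

const before = enumerate(makeFakeVM());
const after = enumerate(hideDontEnum(makeFakeVM()));
console.log("before:", before.ownNames, "after:", after.ownNames);
```

Direct access by name still works on the wrapped object; only discovery through own-key listing changes.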