[webkit-changes] [WebKit/WebKit] ff1197: UAF in JSCreateScriptURLCallback via TrustedTypePo...
Ryosuke Niwa
noreply at github.com
Thu Apr 4 22:25:23 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ff119714d9a57249197055fe7dbb5ba930fd220c
https://github.com/WebKit/WebKit/commit/ff119714d9a57249197055fe7dbb5ba930fd220c
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2024-04-04 (Thu, 04 Apr 2024)
Changed paths:
M Source/WebCore/dom/WindowOrWorkerGlobalScopeTrustedTypes.cpp
M Source/WebCore/dom/WindowOrWorkerGlobalScopeTrustedTypes.h
M Source/WebCore/workers/WorkerGlobalScope.cpp
Log Message:
-----------
UAF in JSCreateScriptURLCallback via TrustedTypePolicy::~TrustedTypePolicy in WorkerOrWorkletThread::destroyWorkerGlobalScope
https://bugs.webkit.org/show_bug.cgi?id=272193
<rdar://122857425>
Reviewed by Chris Dumez.
Fix the bug that WorkerGlobalScope::prepareForDestruction doesn't remove WorkerGlobalScopeTrustedTypes
because it uses a different ASCIILiteral than the one used in the actual supplement.
* Source/WebCore/dom/WindowOrWorkerGlobalScopeTrustedTypes.cpp:
(WebCore::WorkerGlobalScopeTrustedTypes::supplementName):
(WebCore::WindowOrWorkerGlobalScopeTrustedTypes::workerGlobalSupplementName):
* Source/WebCore/dom/WindowOrWorkerGlobalScopeTrustedTypes.h:
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::prepareForDestruction):
Canonical link: https://commits.webkit.org/277095@main
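The failure mode described in the log message, as an added example that is not WebKit code or part of the original commit: a supplement is registered under one key, teardown removes it under a different literal, the removal silently does nothing, and the supplement's destructor runs only after the state it touches is gone. All names (Host, PolicySupplement, ScriptState, simulateTeardown) and both key strings are constructed for illustration. Sharing the key through one accessor is an assumption about the shape of the fix, since the diff is not shown on this page.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <utility>

// Stand-in for script-side state that is torn down before the host object.
struct ScriptState { bool alive = true; int lateDestructors = 0; };

// Stand-in for a supplement whose destructor touches script-side state.
struct PolicySupplement {
    explicit PolicySupplement(ScriptState& s) : state(s) {}
    // In real code, running this after the state is freed is the use-after-free.
    ~PolicySupplement() { if (!state.alive) ++state.lateDestructors; }
    ScriptState& state;
};

// Single source of truth for the key (constructed value, not WebKit's literal).
static const char* supplementName() { return "ExampleTrustedTypesSupplement"; }

class Host {
public:
    void provide(const std::string& key, std::unique_ptr<PolicySupplement> s) { m_map[key] = std::move(s); }
    // Returns false when nothing was registered under `key`, so a mismatch is detectable.
    bool remove(const std::string& key) { return m_map.erase(key) > 0; }
private:
    std::map<std::string, std::unique_ptr<PolicySupplement>> m_map;
};

struct TeardownResult { bool removed; int lateDestructors; };

// Registers under supplementName(), then tears down using `removalKey`.
TeardownResult simulateTeardown(const std::string& removalKey) {
    ScriptState state; // outlives the host here, so the model itself has no undefined behaviour
    TeardownResult result{false, 0};
    {
        Host host;
        host.provide(supplementName(), std::make_unique<PolicySupplement>(state));
        result.removed = host.remove(removalKey); // the "prepare for destruction" step
        state.alive = false;                      // script-side state goes away
    }                                             // host dies; leftover supplements die here
    result.lateDestructors = state.lateDestructors;
    return result;
}

int main() {
    TeardownResult bad = simulateTeardown("ExampleTrustedTypes"); // duplicated, drifted literal
    TeardownResult good = simulateTeardown(supplementName());     // key taken from the accessor
    std::printf("mismatched key: removed=%d late=%d\n", bad.removed, bad.lateDestructors);
    std::printf("shared key:     removed=%d late=%d\n", good.removed, good.lateDestructors);
}
```

Checking the return value of the removal during teardown (for example with a debug assertion) turns a drifted key into an immediate failure instead of a late destructor.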