[webkit-changes] [WebKit/WebKit] aa5c9b: Fuzz blocker for WebCore-SerializedScriptValue-Des...
nishajain61
noreply at github.com
Thu Aug 8 15:05:29 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: aa5c9b81907f09663f6bd986e9675df81f207047
https://github.com/WebKit/WebKit/commit/aa5c9b81907f09663f6bd986e9675df81f207047
Author: Nisha Jain <nisha_jain at apple.com>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
M Source/JavaScriptCore/yarr/YarrPattern.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in readTerminal() | Yarr::CharacterClassConstructor::unicodeOpSorted
https://bugs.webkit.org/show_bug.cgi?id=272932
rdar://126631719
Reviewed by Yusuke Suzuki.
During deserialization of IDBValueToJSValue based on RegExpTag,
the YarrParser crashes as an unsorted list is passed to the unicodeOpSorted API.
To fix this issue, a sorted list is created and a check is made before the addChar API call.
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putCharNonUnion):
* Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp:
(TestWebKitAPI::TEST):
Originally-landed-as: 272448.957 at safari-7618-branch (aee8743b069b). rdar://132957087
Canonical link: https://commits.webkit.org/282013@main