[webkit-changes] [WebKit/WebKit] f58463: "Fuzz blocker for WebCore-SerializedScriptValue-De...
nishajain61
noreply at github.com
Wed Aug 14 09:59:37 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f58463a1dec3085693a8910d18dbfee9514e850b
https://github.com/WebKit/WebKit/commit/f58463a1dec3085693a8910d18dbfee9514e850b
Author: Nisha Jain <nisha_jain at apple.com>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
"Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in readTerminal() | case RegExpTag"
https://bugs.webkit.org/show_bug.cgi?id=272692
rdar://126142587
Reviewed by Chris Dumez.
During deserialization of IDBValueToJSValue based on RegExpTag, the pointer to regExp is returned as NULL, which causes an ASSERT.
In order to avoid this issue for Release builds, the validity of reFlags is checked.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
Originally-landed-as: 272448.964 at safari-7618-branch (d3e1795539b0). rdar://132957961
Canonical link: https://commits.webkit.org/282239@main
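As an added illustration of the pattern this fix describes (validate untrusted RegExp flags during deserialization and fail the read cleanly instead of relying on an ASSERT when the constructed RegExp comes back null), here is a self-contained C++ sketch. It is example code, not WebKit's SerializedScriptValue.cpp: the record layout, the tag value, and the names parseRegExpFlags, readRegExpTerminal and makeRegExpRecord are all constructed for this example. The flag rules follow the ECMAScript letters d g i m s u v y, with repeated letters and u combined with v rejected.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

// Bit values for the eight ECMAScript RegExp flag letters: d g i m s u v y.
enum RegExpFlag : unsigned {
    HasIndices  = 1u << 0, // d
    Global      = 1u << 1, // g
    IgnoreCase  = 1u << 2, // i
    Multiline   = 1u << 3, // m
    DotAll      = 1u << 4, // s
    Unicode     = 1u << 5, // u
    UnicodeSets = 1u << 6, // v
    Sticky      = 1u << 7, // y
};

// Parse a flags string taken from untrusted serialized data. Returns nullopt
// (rather than asserting) for an unknown letter, a repeated letter, or 'u'
// combined with 'v'; these are the inputs a RegExp constructor would reject.
std::optional<unsigned> parseRegExpFlags(std::string_view flags)
{
    unsigned result = 0;
    for (char c : flags) {
        unsigned bit;
        switch (c) {
        case 'd': bit = HasIndices; break;
        case 'g': bit = Global; break;
        case 'i': bit = IgnoreCase; break;
        case 'm': bit = Multiline; break;
        case 's': bit = DotAll; break;
        case 'u': bit = Unicode; break;
        case 'v': bit = UnicodeSets; break;
        case 'y': bit = Sticky; break;
        default: return std::nullopt; // unknown flag letter
        }
        if (result & bit)
            return std::nullopt; // duplicate flag letter
        result |= bit;
    }
    if ((result & Unicode) && (result & UnicodeSets))
        return std::nullopt; // 'u' and 'v' are mutually exclusive
    return result;
}

// Constructed wire format for this example (not WebKit's real clone layout):
// [tag][patternLen][pattern bytes][flagsLen][flags bytes], each length one byte.
constexpr uint8_t kRegExpTag = 0x0E; // placeholder tag value chosen for the example

struct DeserializedRegExp {
    std::string pattern;
    unsigned flags;
};

// Deserialize one RegExp terminal. Every failure path returns nullopt, so a
// malformed or fuzzer-generated record never reaches a constructor that would
// hand back a null object and trip an assertion (or dereference null in release).
std::optional<DeserializedRegExp> readRegExpTerminal(const std::vector<uint8_t>& buf)
{
    size_t pos = 0;
    auto readByte = [&](uint8_t& out) {
        if (pos >= buf.size())
            return false;
        out = buf[pos++];
        return true;
    };
    auto readString = [&](std::string& out) {
        uint8_t len;
        if (!readByte(len) || buf.size() - pos < len)
            return false; // truncated record
        out.assign(reinterpret_cast<const char*>(buf.data()) + pos, len);
        pos += len;
        return true;
    };

    uint8_t tag;
    if (!readByte(tag) || tag != kRegExpTag)
        return std::nullopt;
    std::string pattern, flagsText;
    if (!readString(pattern) || !readString(flagsText))
        return std::nullopt;
    auto flags = parseRegExpFlags(flagsText);
    if (!flags)
        return std::nullopt; // invalid flags: fail the deserialization, do not assert
    return DeserializedRegExp { pattern, *flags };
}

// Builds a record in the constructed format so the reader can exercise the parser.
std::vector<uint8_t> makeRegExpRecord(std::string_view pattern, std::string_view flags)
{
    std::vector<uint8_t> buf { kRegExpTag, static_cast<uint8_t>(pattern.size()) };
    buf.insert(buf.end(), pattern.begin(), pattern.end());
    buf.push_back(static_cast<uint8_t>(flags.size()));
    buf.insert(buf.end(), flags.begin(), flags.end());
    return buf;
}
```

The point is the control flow, not the bit values: the flags check sits before any object construction and turns a bad record into a failed read, the same outcome as any other truncated or corrupt terminal, so release builds are not left depending on a debug-only ASSERT. Validating the pattern syntax itself is a separate step that this sketch does not perform.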