[webkit-changes] [WebKit/WebKit] 07e51b: Need to SUPPRESS_ASAN on MetadataTable::isDestroye...

Commit Queue noreply at github.com
Wed May 29 11:21:10 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 07e51b93d7e7d7662aead526afe0dbde85a71c7a
      https://github.com/WebKit/WebKit/commit/07e51b93d7e7d7662aead526afe0dbde85a71c7a
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2024-05-29 (Wed, 29 May 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/MetadataTable.h

  Log Message:
  -----------
  Need to SUPPRESS_ASAN on MetadataTable::isDestroyed().
https://bugs.webkit.org/show_bug.cgi?id=274844
rdar://128875400

Reviewed by Yijia Huang.

MetadataTable::isDestroyed() is used to check if the unlinkedMetadata Ref is null
as a null check mitigation.  Under normal circumstances, when a Ref is leaked and
nullified, its memory gets poisoned on ASAN to ensure that it is not accessed
thereafter.  This conflicts with our mitigation which wishes to access it after it
is nullified.  The fix here is simply to apply SUPPRESS_ASAN to
MetadataTable::isDestroyed().

* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::isDestroyed const):

Canonical link: https://commits.webkit.org/279451@main
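
An added example, not code from the WebKit commit: a self-contained C++ sketch of the conflict the log message describes, where a holder poisons its own storage once leaked and a null-check mitigation reads that storage anyway. `DemoRef`, `DemoTable` and the `DEMO_*` macros are hypothetical stand-ins, and `no_sanitize_address` is assumed to play the role of `SUPPRESS_ASAN`.

```cpp
#include <utility>

#if defined(__SANITIZE_ADDRESS__)
#define DEMO_ASAN 1
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
#define DEMO_ASAN 1
#endif
#endif
#if defined(DEMO_ASAN)
#include <sanitizer/asan_interface.h>
#define DEMO_POISON(p, n) __asan_poison_memory_region((p), (n))
#define DEMO_UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#else
#define DEMO_POISON(p, n) ((void)(p), (void)(n))
#define DEMO_UNPOISON(p, n) ((void)(p), (void)(n))
#endif
// Assumed stand-in for SUPPRESS_ASAN: no ASAN checks are emitted in the marked function.
#define DEMO_SUPPRESS_ASAN __attribute__((no_sanitize_address))

struct Payload { int value; };

// Hypothetical non-null holder: leaking it nullifies the slot, then poisons it.
class DemoRef {
public:
    explicit DemoRef(Payload& p) : m_ptr(&p) {}
    ~DemoRef() { DEMO_UNPOISON(this, sizeof(*this)); }
    Payload& leak() {
        Payload& result = *std::exchange(m_ptr, nullptr);
        DEMO_POISON(this, sizeof(*this)); // instrumented reads of m_ptr now trap
        return result;
    }
    DEMO_SUPPRESS_ASAN bool isNull() const { return !m_ptr; }
private:
    Payload* m_ptr;
};

class DemoTable {
public:
    explicit DemoTable(Payload& p) : m_ref(p) {}
    void destroy() { m_ref.leak(); }
    // The mitigation: deliberately inspects the nullified, poisoned slot.
    DEMO_SUPPRESS_ASAN bool isDestroyed() const { return m_ref.isNull(); }
private:
    DemoRef m_ref;
};

int main() { Payload p{7}; DemoTable t(p); t.destroy(); return t.isDestroyed() ? 0 : 1; }
```

Built with `-fsanitize=address`, removing `DEMO_SUPPRESS_ASAN` from the two accessors causes the read in `isDestroyed()` to be reported as use-after-poison.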


