[webkit-changes] [WebKit/WebKit] a24de4: Correctly terminate deserialization in CloneDeseri...
Commit Queue
noreply at github.com
Wed Oct 30 19:38:43 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a24de49debc83a7ade9816f0805ce3dd115219fd
https://github.com/WebKit/WebKit/commit/a24de49debc83a7ade9816f0805ce3dd115219fd
Author: Nitin Mahendru <nitinmahendru at apple.com>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Correctly terminate deserialization in CloneDeserializer::readRTCCertificate
https://bugs.webkit.org/show_bug.cgi?id=278605
rdar://134026541
Reviewed by Chris Dumez.
Calling fail() as added in this change will terminate the deserialization process
instead of further trying to parse the data that is left. This can lead to arbitrary
data being forced into the deserializer.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readRTCCertificate):
Originally-landed-as: 280938.270 at safari-7619-branch (e2a2faccf8a5). rdar://138932344
Canonical link: https://commits.webkit.org/285936@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list