[Webkit-unassigned] [Bug 170924] New: ASSERTION FAILED: inIndex != notFound in JSC::invalidParameterInSourceAppender()

bugzilla-daemon at webkit.org
Mon Apr 17 16:06:26 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=170924

            Bug ID: 170924
           Summary: ASSERTION FAILED: inIndex != notFound in
                    JSC::invalidParameterInSourceAppender()
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Macintosh
                OS: macOS 10.12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: ggaren at apple.com, sbarati at apple.com

1. Create a page xss.php with the following markup that can be served from an HTTP server:

<script>var q="<?php echo $_GET['q']; ?>"</script>

2. Access the page at <http://127.0.0.1/xss.php?q=%22i\u006E+alert(1)//>, modifying the URL as needed to access xss.php.

Then the WebProcess will crash because the assertion RELEASE_ASSERT(inIndex != notFound) fails in JSC::invalidParameterInSourceAppender().

I am using a local build of Mac WebKit at r215419.
