[Webkit-unassigned] [Bug 170924] New: ASSERTION FAILED: inIndex != notFound in JSC::invalidParameterInSourceAppender()
bugzilla-daemon at webkit.org
Mon Apr 17 16:06:26 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=170924
Bug ID: 170924
Summary: ASSERTION FAILED: inIndex != notFound in JSC::invalidParameterInSourceAppender()
Product: WebKit
Version: WebKit Local Build
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: ggaren at apple.com, sbarati at apple.com
1. Create a page xss.php with the following markup that can be served from an HTTP server:
<script>var q="<?php echo $_GET['q']; ?>"</script>
2. Access the page at <http://127.0.0.1/xss.php?q=%22i\u006E+alert(1)//>, modifying the URL as needed to access xss.php.
Then the WebProcess will crash because the assertion RELEASE_ASSERT(inIndex != notFound) fails in JSC::invalidParameterInSourceAppender().
I am using a local build of Mac WebKit at r215419.
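A model of the mismatch the steps above point to, added here as an illustration and not taken from the report or from WebKit. It assumes the appender locates the operator by searching the expression's source text for the literal characters `in`, which the escaped spelling `i\u006E` never contains. All function names and the message wording are hypothetical; the last function shows a lookup that falls back instead of asserting.

```javascript
// Added illustration, not WebKit code. All names here are hypothetical.

// Model of xss.php: PHP decodes the query ('+' becomes a space, %XX is
// percent-decoded) and echoes the value into the script without escaping.
function renderScript(rawQuery) {
  const q = decodeURIComponent(rawQuery.replace(/\+/g, " "));
  return 'var q="' + q + '"';
}

// The expression the engine evaluates: everything after `var q=` up to the
// `//` comment that swallows the page's closing quote.
function injectedExpression(script) {
  return script.slice("var q=".length, script.indexOf("//"));
}

// Resolve \uXXXX escapes, as a lexer does while reading an identifier.
function resolveUnicodeEscapes(text) {
  return text.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Assumed lookup: locate the operator by searching the raw source text.
function findInOperator(sourceText) {
  return sourceText.lastIndexOf("in");
}

// Tolerant variant: if the literal is absent, quote the whole expression
// instead of asserting on text that a page author controls.
function describeInvalidIn(message, sourceText) {
  const inIndex = findInOperator(sourceText);
  if (inIndex === -1) return `${message} (evaluating '${sourceText}')`;
  const rhs = sourceText.slice(inIndex + 2).trim();
  return `${message} ('${rhs}' is not a valid right-hand side of 'in')`;
}

// Query string from step 2 of the report.
const expr = injectedExpression(renderScript("%22i\\u006E+alert(1)//"));
console.log(expr);                                         // raw source text
console.log(findInOperator(expr));                         // search on raw text
console.log(findInOperator(resolveUnicodeEscapes(expr)));  // search after decoding
console.log(describeInvalidIn("TypeError", expr));         // fallback message
```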