[Webkit-unassigned] [Bug 249119] New: Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText()

Sun Dec 11 20:20:59 PST 2022

https://bugs.webkit.org/show_bug.cgi?id=249119

            Bug ID: 249119
           Summary: Web Inspector: Use-after-scope in lambda in
                    WebCore::isValidRuleHeaderText()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Web Inspector
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
                CC: inspector-bugzilla-changes at group.apple.com,
                    pangle at apple.com

Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText().

Currently, `CSSParserImpl` holds a reference to the `CSSParserContext` argument, so the context must outlive the parser.

However, in this code the context is a temporary stack variable which is destroyed after this statement, though the parser holds a reference to it.

```
        CSSParserImpl parser(parserContextForDocument(document), atRuleIdentifier + ' ' + headerText + " {}");
```

<rdar://102887283>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221212/d96198a9/attachment.htm>