[Webkit-unassigned] [Bug 257737] Speculative crash in WebCoreTypedArrayController::registerWrapper when JSGlobalObject* is not a JSDOMGlobalObject
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 15 14:49:24 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=257737
Yusuke Suzuki <ysuzuki at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #2 from Yusuke Suzuki <ysuzuki at apple.com> ---
I don't think this is an issue. WebCore is adding a hook, so WebCore always creates JSDOMGlobalObject-derived shadow realm. So this condition is always met.
See `ShadowRealmGlobalScope` and `deriveShadowRealmGlobalObject`.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230615/916729eb/attachment.htm>
More information about the webkit-unassigned
mailing list