[Webkit-unassigned] [Bug 242683] heap-use-after-free in WebCore::RenderLayer::addChild()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 13 23:29:09 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=242683

--- Comment #11 from Chijin <tlock.chijin at gmail.com> ---
(In reply to Michael Catanzaro from comment #10)
> BTW I saw some comments that Apple Product Security determined this bug does
> not affect Safari, but I doubt it. Based on the asan traces and the fix
> commit, it seems most likely that Apple tested an already-fixed version.

I agree with you. The original reply from Apple is that "After further investigation, we discovered the behavior you reported was addressed in Safari". I guess this implies that this issue may affect Safari but it has been fixed.
