[Webkit-unassigned] [Bug 274844] New: Need to SUPPRESS_ASAN on MetadataTable::isDestroyed().
bugzilla-daemon at webkit.org
Wed May 29 10:11:58 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=274844
Bug ID: 274844
Summary: Need to SUPPRESS_ASAN on MetadataTable::isDestroyed().
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
MetadataTable::isDestroyed() is used to check if the unlinkedMetadata Ref is null as a null check mitigation. Under normal circumstances, when a Ref is leaked and nullified, its memory gets poisoned on ASAN to ensure that it is not accessed thereafter. This conflicts with our mitigation which wishes to access it after it is nullified. The fix here is simply to apply SUPPRESS_ASAN to MetadataTable::isDestroyed().
rdar://128875400
--
You are receiving this mail because:
You are the assignee for the bug.
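
The conflict described in the report, as an added sketch that is not WebKit code: a pointer slot is nullified and then poisoned on release, and the null check is compiled without ASAN instrumentation so that reading the poisoned slot is not reported. `DemoTable`, `Payload` and the `DEMO_*` macros are hypothetical names; using the compiler's `no_sanitize("address")` attribute as a stand-in for SUPPRESS_ASAN is an assumption.

```cpp
#include <cstdio>
#include <utility>

// Detect AddressSanitizer under GCC and Clang.
#if defined(__SANITIZE_ADDRESS__)
#  define DEMO_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define DEMO_ASAN 1
#  endif
#endif
#ifdef DEMO_ASAN
#  include <sanitizer/asan_interface.h>
#  define DEMO_SUPPRESS_ASAN __attribute__((no_sanitize("address")))
#  define DEMO_POISON(p, n) __asan_poison_memory_region((p), (n))
#  define DEMO_UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#else  // Without ASAN the macros compile away.
#  define DEMO_SUPPRESS_ASAN
#  define DEMO_POISON(p, n) ((void)0)
#  define DEMO_UNPOISON(p, n) ((void)0)
#endif

struct Payload { int value; };

// Hypothetical holder: release() nullifies the slot, then poisons it so any
// instrumented read of the stale slot is reported by ASAN.
class DemoTable {
public:
    explicit DemoTable(Payload& p) : m_ptr(&p) {}
    ~DemoTable() { DEMO_UNPOISON(&m_ptr, sizeof(m_ptr)); }  // stack slot is reused
    Payload& release() {
        Payload* p = std::exchange(m_ptr, nullptr);
        DEMO_POISON(&m_ptr, sizeof(m_ptr));
        return *p;
    }
    // Deliberately reads the slot after release(). Without the attribute,
    // an ASAN build would flag this load as a use of poisoned memory.
    DEMO_SUPPRESS_ASAN bool isDestroyed() const { return !m_ptr; }
private:
    Payload* m_ptr;
};

bool live_table_is_destroyed() { Payload p{1}; DemoTable t(p); return t.isDestroyed(); }
bool released_table_is_destroyed() { Payload p{1}; DemoTable t(p); t.release(); return t.isDestroyed(); }

int main() {
    std::printf("live=%d released=%d\n", live_table_is_destroyed(), released_table_is_destroyed());
    return 0;
}
```

Building with `-fsanitize=address` and removing `DEMO_SUPPRESS_ASAN` from `isDestroyed()` makes the second check trip ASAN, which is the situation the report describes.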