Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f047d0a6e29e4911ce20cde9ba3b558350d749e7
https://github.com/WebKit/WebKit/commit/f047d0a6e29e4911ce20cde9ba3b558350d749e7
Author: Tadeu Zagallo <[email protected]>
Date: 2023-08-03 (Thu, 03 Aug 2023)
Changed paths:
M Source/WebGPU/WGSL/GlobalVariableRewriter.cpp
Log Message:
-----------
[WGSL] UAF in GlobalVariableRewriter
https://bugs.webkit.org/show_bug.cgi?id=259696
rdar://113215682
Reviewed by Dan Glastonbury.
The GlobalVariableRewriter kept pointers to globals, which are values in the
HashMap,
but those pointers result in a UAF once the HashMap gets resized. To fix it,
instead
of storing the pointers, we just store the keys we perform another lookup. This
shouldn't
be an issue since we only look it up once.
No test added because it reproduces on the existing tests with ASAN enabled.
* Source/WebGPU/WGSL/GlobalVariableRewriter.cpp:
(WGSL::RewriteGlobalVariables::collectGlobals):
(WGSL::RewriteGlobalVariables::insertStructs):
Canonical link: https://commits.webkit.org/266546@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
