Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: aa5c9b81907f09663f6bd986e9675df81f207047
https://github.com/WebKit/WebKit/commit/aa5c9b81907f09663f6bd986e9675df81f207047
Author: Nisha Jain <[email protected]>
Date: 2024-08-08 (Thu, 08 Aug 2024)
Changed paths:
M Source/JavaScriptCore/yarr/YarrPattern.cpp
M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp
Log Message:
-----------
Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in
readTerminal() | Yarr::CharacterClassConstructor::unicodeOpSorted
https://bugs.webkit.org/show_bug.cgi?id=272932
rdar://126631719
Reviewed by Yusuke Suzuki.
During deserialization of IDBValueToJSValue based on RegExpTag,
the YarrParser crashes as an unsorted list is passed to the unicodeOpSorted API.
To fix this issue, a sorted list is created and a check is made before the addChar API
call.
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putCharNonUnion):
* Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp:
(TestWebKitAPI::TEST):
Originally-landed-as: 272448.957@safari-7618-branch (aee8743b069b).
rdar://132957087
Canonical link: https://commits.webkit.org/282013@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes