Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a24de49debc83a7ade9816f0805ce3dd115219fd
https://github.com/WebKit/WebKit/commit/a24de49debc83a7ade9816f0805ce3dd115219fd
Author: Nitin Mahendru <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Correctly terminate deserialization in CloneDeserializer::readRTCCertificate
https://bugs.webkit.org/show_bug.cgi?id=278605
rdar://134026541
Reviewed by Chris Dumez.
Calling fail() as added in this change will terminate the deserialization
process
instead of further trying to parse the data that is left. This can lead to
arbitrary
data being forced into the deserializer.
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readRTCCertificate):
Originally-landed-as: 280938.270@safari-7619-branch (e2a2faccf8a5).
rdar://138932344
Canonical link: https://commits.webkit.org/285936@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
