Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6cccd5ef64eea5636933ece6f19de4571396828c
https://github.com/WebKit/WebKit/commit/6cccd5ef64eea5636933ece6f19de4571396828c
Author: Marcus Plutowski <[email protected]>
Date: 2026-07-01 (Wed, 01 Jul 2026)
Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_mar_registry.c
M Source/bmalloc/libpas/src/libpas/pas_mar_registry.h
Log Message:
-----------
[libpas] Fix OoBable code-paths in MAR code
https://bugs.webkit.org/show_bug.cgi?id=311600
rdar://173772317
Reviewed by Yusuke Suzuki.
In the case that the allocation record table is controlled by an
attacker, we cannot trust the offsets contained inside, and should
assert that we do not read out-of-bounds based on them.
Originally-landed-as: 305413.727@safari-7624-branch (729d412ab091).
rdar://180429014
Canonical link: https://commits.webkit.org/316329@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications