Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[JSC] Add extra hardening about incorrectly configured shared growable typed array view

https://bugs.webkit.org/show_bug.cgi?id=262338
rdar://116168654

Reviewed by Mark Lam.

This is adding extra hardening against wrongly configured shared growable typed array view materialization from SerializedScriptValue. This pattern must not happen from normal execution. This happens only when the current process gets a bug which can emit arbitrary serialized data. And since SharedArrayBuffer cannot be sent to the other process, this issue is confined in the current process. Given that the attacker is already getting a way to create arbitrary serialized data, probably this does not add much additionally, but just adding hardening for now as an extra safety.

* Source/JavaScriptCore/runtime/ArrayBufferView.h:
(JSC::ArrayBufferView::verifySubRangeLength):
* Source/JavaScriptCore/runtime/DataView.cpp:
(JSC::DataView::wrappedAs):
* Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h:
(JSC::GenericTypedArrayView<Adaptor>::tryCreate):
(JSC::GenericTypedArrayView<Adaptor>::wrappedAs):
* Source/JavaScriptCore/runtime/JSDataView.cpp:
(JSC::JSDataView::create):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::create):

Originally-landed-as: 267815.120@safari-7617-branch (ac9f4e0). rdar://119594133
Canonical link: https://commits.webkit.org/272091@main
1 parent f97d040, commit 409d5d9
Showing 5 changed files with 16 additions and 7 deletions.