Bug 156444 (CVE-2016-4624)

Summary: Allocation sinking SSA Defs are allowed to have replacements
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Reporter: Saam Barati <saam>
Assignee: Saam Barati <saam>
CC: benjamin, bfulgham, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki
Attachments:
Description Flags
patch none

Description Saam Barati 2016-04-09 13:48:51 PDT
...
Comment 1 Saam Barati 2016-04-09 14:02:52 PDT
Created attachment 276095
patch
Comment 2 Filip Pizlo 2016-04-09 16:07:15 PDT
R=me.

For some reason it's not letting me set the R+ flag.
Comment 3 Saam Barati 2016-04-09 17:26:59 PDT
Thanks for the review.

Landed in:
http://trac.webkit.org/changeset/199277