Bug 156444 (CVE-2016-4624)

Summary: Allocation sinking SSA Defs are allowed to have replacements
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bfulgham, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Saam Barati
Reported 2016-04-09 13:48:51 PDT
...
Attachments
patch (3.45 KB, patch)
2016-04-09 14:02 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2016-04-09 14:02:52 PDT
Created attachment 276095 [details] patch
Filip Pizlo
Comment 2 2016-04-09 16:07:15 PDT
R=me. For some reason it's not letting me set the R+ flag
Saam Barati
Comment 3 2016-04-09 17:26:59 PDT
Thanks for the review. landed in: http://trac.webkit.org/changeset/199277
Note You need to log in before you can comment on or make changes to this bug.