|Summary:||ArrayBufferView Should still give the array buffer even if it's neutered.|
|Product:||WebKit||Reporter:||Keith Miller <keith_miller>|
|Severity:||Normal||CC:||achristensen, bfulgham, ews-watchlist, fpizlo, jfbastien, mark.lam, mjs, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki|
Description Keith Miller 2017-10-20 12:34:47 PDT
Comment 6 Saam Barati 2017-10-20 12:46:32 PDT
Comment 7 Maciej Stachowiak 2020-05-30 20:00:04 PDT
Is this old patch still relevant?
Comment 8 Maciej Stachowiak 2020-06-03 14:50:28 PDT
Per discussion with Keith, this does not appear to be actually a security bug.
Comment 9 Maciej Stachowiak 2020-06-04 02:40:43 PDT
Comment on attachment 324429 [details] Patch Looks like this still applies and passes tests. Presumably the purpose of this is to prevent a crash or affect some observable behavior, but there's no test case. This also makes it hard to determine why this change is necessary.
Comment 10 Yusuke Suzuki 2020-06-13 10:18:18 PDT
Comment on attachment 324429 [details] Patch I think we need to check the existing users of `possiblySharedBuffer()` carefully. I think there are a lot of users which expect `nullptr` as neutered status. But they are now wrong. So we should fix them too. Another question is, if neutering does not make it nullptr, can we change this signature to `Ref<ArrayBuffer> possiblySharedBuffer() const` instead? If we cannot do that, when do we get nullptr?