Summary: | ArrayBufferView Should still give the array buffer even if it's neutered. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Keith Miller <keith_miller> | ||||||
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||||
Status: | NEW --- | ||||||||
Severity: | Normal | CC: | achristensen, bfulgham, ews-watchlist, fpizlo, jfbastien, mark.lam, mjs, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | Other | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
Keith Miller
2017-10-20 12:34:47 PDT
Created attachment 324428 [details]
Patch
Created attachment 324429 [details]
Patch
Comment on attachment 324429 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=324429&action=review > Source/JavaScriptCore/ChangeLog:7 > + Can you explain what's going on? It's not obvious from anything that there isn't a bad caller here. Why is it the callee's responsibility. Etc Is this old patch still relevant? Per discussion with Keith, this does not appear to be actually a security bug. Comment on attachment 324429 [details]
Patch
Looks like this still applies and passes tests. Presumably the purpose of this is to prevent a crash or affect some observable behavior, but there's no test case. This also makes it hard to determine why this change is necessary.
Comment on attachment 324429 [details]
Patch
I think we need to check the existing users of `possiblySharedBuffer()` carefully. I think there are a lot of users which expect `nullptr` as neutered status. But they are now wrong. So we should fix them too.
Another question is, if neutering does not make it nullptr, can we change this signature to `Ref<ArrayBuffer> possiblySharedBuffer() const` instead? If we cannot do that, when do we get nullptr?
Comment on attachment 324429 [details]
Patch
This has been requesting review for more than one year. If this is still needed, please rebase and re-request review.
|