Summary: | [JSC] invalidParameterInstanceofSourceAppender should care direct call of Symbol.hasInstance | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Frédéric Wang (:fredw) <fred.wang> | ||||||
Component: | JavaScriptCore | Assignee: | Yusuke Suzuki <ysuzuki> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | bfulgham, cgarcia, ews-watchlist, gpoo, keith_miller, mark.lam, msaboff, pmatos, product-security, rbuis, rmorisset, rniwa, saam, svillar, ticaiolima, tzagallo, webkit-bug-importer, ysuzuki | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | WebKit Nightly Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
Description
Frédéric Wang (:fredw)
2021-07-19 01:32:59 PDT
Created attachment 433776 [details]
Testcase
Sorry, I forgot to attach the testcase.
This is happening when JSC appends a source error. The invalidParameterInstanceofSourceAppender function expects the sourceText to contain the string "instanceof", which is not the case here:

```
222 RELEASE_ASSERT(instanceofIndex != notFound);
(rr) p content.utf8().data()
$1 = 0x607000005510 "[Symbol.hasInstance] is not a function, undefined, or null"
(rr) p originalMessage.utf8().data()
$2 = 0x608000004d30 "function [Symbol.hasInstance] is not a function, undefined, or null"
(rr) p sourceText.utf8().data()
$3 = 0x606000007c50 "Function.prototype[Symbol.hasInstance].call(b)"
```

It does not seem a security issue.

Will look

Since this is release-assert, it is not a security issue.

Created attachment 433866 [details]
Patch
Comment on attachment 433866 [details]
Patch
Thanks. I'm going to r+ this since I suspect many reviewers are on holidays and this change seems uncontroversial.
Comment on attachment 433866 [details]
Patch
Thanks!
Committed r280097 (239814@main): <https://commits.webkit.org/239814@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 433866 [details].
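Added example, not part of the bug report or of the WebKit patch. It exercises the two spellings of the same instance check that this bug is about: the `instanceof` operator, whose source text contains the token "instanceof", and a direct call of `Function.prototype[Symbol.hasInstance]`, whose source text does not. It also shows why a caller should classify the resulting error by its class rather than by its message text, since (as the debugger output above shows) the message is engine-specific and depends on how the expression was spelled. Everything here is plain ES2015 semantics; the names `Widget`, `Even`, `viaOperator`, `viaDirectCall`, `probe` and `runCases` are the example's own and nothing relies on JavaScriptCore internals.

```javascript
// Added example (not from the WebKit bug or its patch): the two spellings of
// an instance check, and error classification that does not parse messages.
// Assumes an ES2015+ engine such as Node.js; no JSC-specific behaviour.

class Widget {}

// A constructor that customises `instanceof` through Symbol.hasInstance.
class Even {
  static [Symbol.hasInstance](n) {
    return Number.isInteger(n) && n % 2 === 0;
  }
}

// Spelling 1: the operator. Consults Ctor[Symbol.hasInstance] first; throws
// a TypeError if that value is neither callable nor undefined/null, or if
// there is no handler and Ctor itself is not callable.
function viaOperator(value, Ctor) {
  return value instanceof Ctor;
}

// Spelling 2: direct call of the default handler. This is
// OrdinaryHasInstance(Ctor, value): a prototype-chain walk that ignores any
// Symbol.hasInstance override and returns false for a non-callable Ctor.
function viaDirectCall(value, Ctor) {
  return Function.prototype[Symbol.hasInstance].call(Ctor, value);
}

// Run one check and report what happened without depending on the wording
// of the error message, which differs between engines and call sites.
function probe(check, value, Ctor) {
  try {
    return { threw: false, result: check(value, Ctor) };
  } catch (e) {
    return { threw: true, isTypeError: e instanceof TypeError };
  }
}

// Constructed inputs covering the normal case, a non-callable right-hand
// side, a non-callable Symbol.hasInstance value, and an overridden handler.
function runCases() {
  const bad = { [Symbol.hasInstance]: 42 }; // not callable, not undefined/null
  return {
    widgetOperator: probe(viaOperator,   new Widget(), Widget), // result: true
    widgetDirect:   probe(viaDirectCall, new Widget(), Widget), // result: true
    plainOperator:  probe(viaOperator,   {}, {}),               // TypeError: RHS not callable
    plainDirect:    probe(viaDirectCall, {}, {}),               // result: false, no throw
    badHandlerOp:   probe(viaOperator,   {}, bad),              // TypeError from GetMethod
    evenOperator:   probe(viaOperator,   4, Even),              // result: true (override used)
    evenDirect:     probe(viaDirectCall, 4, Even),              // result: false (override bypassed)
  };
}

console.log(runCases());
```

The `plainOperator` and `plainDirect` rows are the point: the same underlying operation is reachable with and without an `instanceof` token in the source, so any error-reporting code that derives its text from the source expression has to handle the second spelling too.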