Bug 270934

Summary: JSExecState::loadModule can dereference null result
Product: WebKit Reporter: David Degazio <d_degazio>
Component: WebCore JavaScript Assignee: David Degazio <d_degazio>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

David Degazio
Reported 2024-03-13 15:24:45 PDT
rdar://121268593 JSModuleLoader::loadModule can return nullptr if there is an exception, but our WebCore bindings for this API (JSExecState::loadModule, which calls JSC::loadModule, which calls JSModuleLoader::loadModule) dereference the result unconditionally. This means that any callers of JSExecState::loadModule can be given a reference to a JSInternalPromise which is really a null pointer, and be unable to detect or respond to it. We can fix this by returning a pointer instead of a reference from JSExecState::loadModule and updating the callers to handle a null result appropriately.
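The contract problem described above, as an added example that is not WebKit's code: the JSC and WebCore types are constructed stand-ins with the names the report uses, `moduleLoaderLoadModule` plays the role of `JSModuleLoader::loadModule` (recording an exception and returning nullptr on failure), and the two binding functions show the reference-returning shape from before the fix beside the pointer-returning shape the report proposes, with a caller that checks for null.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-ins for the JSC/WebCore types named in the report; not WebKit's real classes.
struct JSInternalPromise {
    std::string specifier;
};

struct ExecState {
    bool hasException = false;
    std::string exceptionMessage;
    std::vector<std::unique_ptr<JSInternalPromise>> heap; // owns promises for the example
};

// Plays the role of JSModuleLoader::loadModule: on failure it records an exception
// on the ExecState and returns nullptr instead of a promise.
JSInternalPromise* moduleLoaderLoadModule(ExecState& state, const std::string& specifier) {
    if (specifier.empty()) {
        state.hasException = true;
        state.exceptionMessage = "TypeError: module specifier must not be empty";
        return nullptr;
    }
    state.heap.push_back(std::make_unique<JSInternalPromise>(JSInternalPromise{ specifier }));
    return state.heap.back().get();
}

// Before the fix: the binding returns a reference and dereferences the loader's result
// unconditionally. When the loader returns nullptr this is undefined behaviour, and the
// caller is handed a "reference" it has no way to validate.
JSInternalPromise& loadModuleReturningReference(ExecState& state, const std::string& specifier) {
    return *moduleLoaderLoadModule(state, specifier);
}

// After the fix: the binding forwards the pointer and leaves the null check to callers.
JSInternalPromise* loadModuleReturningPointer(ExecState& state, const std::string& specifier) {
    return moduleLoaderLoadModule(state, specifier);
}

struct LoadOutcome {
    bool ok;
    std::string detail; // the module specifier on success, the exception message on failure
};

// A caller written against the fixed binding: it checks for nullptr and surfaces the
// pending exception instead of touching a null promise.
LoadOutcome loadModuleChecked(const std::string& specifier) {
    ExecState state;
    JSInternalPromise* promise = loadModuleReturningPointer(state, specifier);
    if (!promise) {
        if (state.hasException)
            return { false, state.exceptionMessage };
        return { false, "loadModule returned null without an exception" };
    }
    return { true, promise->specifier };
}

// The reference-returning binding is only safe when the loader cannot fail; this helper
// exercises it on valid input to show that the two bindings agree on the non-error path.
bool referenceBindingMatchesOnValidInput(const std::string& specifier) {
    ExecState state;
    JSInternalPromise& promise = loadModuleReturningReference(state, specifier);
    return promise.specifier == specifier && !state.hasException;
}

int main() {
    // Empty specifier: the old binding would dereference null here; the new one reports the exception.
    LoadOutcome failed = loadModuleChecked("");
    LoadOutcome loaded = loadModuleChecked("./module.js");
    std::cout << "empty specifier -> ok=" << failed.ok << " detail=" << failed.detail << "\n";
    std::cout << "./module.js     -> ok=" << loaded.ok << " detail=" << loaded.detail << "\n";
    return (failed.ok || !loaded.ok) ? 1 : 0;
}
```

Returning the pointer moves the decision to the call site, which is the only place that knows whether a pending exception should be propagated, reported, or turned into a rejected promise; a reference type promises a valid object and so leaves the caller nothing to check.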
Attachments
David Degazio
Comment 1 2024-03-13 15:34:00 PDT
EWS
Comment 2 2024-03-15 12:32:37 PDT
Committed 276190@main (20cd6e8fdcc8): <https://commits.webkit.org/276190@main> Reviewed commits have been landed. Closing PR #25841 and removing active labels.