Bug 274844
| Summary: | Need to SUPPRESS_ASAN on MetadataTable::isDestroyed(). | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Lam <mark.lam> |
| Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Mark Lam
MetadataTable::isDestroyed() is used to check if the unlinkedMetadata Ref is null as a null check mitigation. Under normal circumstances, when a Ref is leaked and nullified, its memory gets poisoned on ASAN to ensure that it is not accessed thereafter. This conflicts with our mitigation which wishes to access it after it is nullified. The fix here is simply to apply SUPPRESS_ASAN to MetadataTable::isDestroyed().
rdar://128875400
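
The conflict described in the report above, as an added example that is not WebKit's code: a leaked pointer slot is nulled and poisoned, and only a check exempted from ASAN instrumentation may still read it. `ToyRef`, `ToyTable`, `Payload` and `TOY_SUPPRESS_ASAN` are hypothetical names, and mapping the suppression to `__attribute__((no_sanitize_address))` is an assumption about what SUPPRESS_ASAN does.

```cpp
#include <cstdio>

#if __has_include(<sanitizer/asan_interface.h>)
#include <sanitizer/asan_interface.h> // macros are no-ops unless built with -fsanitize=address
#else
#define ASAN_POISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
#define ASAN_UNPOISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
#endif
// Assumption: stands in for SUPPRESS_ASAN; the attribute is inert in non-ASAN builds.
#define TOY_SUPPRESS_ASAN __attribute__((no_sanitize_address))

struct Payload { int value; };

// Toy stand-in for a non-null smart pointer: leaking it nulls the slot and,
// in ASAN builds, poisons the slot so any later instrumented read is reported.
class ToyRef {
public:
    explicit ToyRef(Payload& p) : m_ptr(&p) { }
    ~ToyRef() { ASAN_UNPOISON_MEMORY_REGION(&m_ptr, sizeof(m_ptr)); }
    Payload* leak() {
        Payload* p = m_ptr;
        m_ptr = nullptr;
        ASAN_POISON_MEMORY_REGION(&m_ptr, sizeof(m_ptr));
        return p;
    }
    Payload& get() const { return *m_ptr; } // instrumented: reported if the slot is poisoned
    // Deliberate read of the nullified slot, exempt from instrumentation.
    TOY_SUPPRESS_ASAN bool isNull() const { return !m_ptr; }
private:
    Payload* m_ptr;
};

class ToyTable {
public:
    explicit ToyTable(Payload& p) : m_ref(p) { }
    void destroy() { m_ref.leak(); }
    // Every function on this read path has to carry the suppression.
    TOY_SUPPRESS_ASAN bool isDestroyed() const { return m_ref.isNull(); }
    int valueOr(int fallback) const { return isDestroyed() ? fallback : m_ref.get().value; }
private:
    ToyRef m_ref;
};

int main()
{
    Payload p { 42 };
    ToyTable table(p);
    std::printf("before: destroyed=%d value=%d\n", table.isDestroyed(), table.valueOr(-1));
    table.destroy();
    std::printf("after:  destroyed=%d value=%d\n", table.isDestroyed(), table.valueOr(-1));
}
```

Built with `-fsanitize=address`, removing `TOY_SUPPRESS_ASAN` from `isNull()` and `isDestroyed()` turns the second `isDestroyed()` call into a use-after-poison report, while the guarded `get()` path stays fully instrumented.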
Mark Lam
Pull request: https://github.com/WebKit/WebKit/pull/29228
EWS
Committed 279451@main (07e51b93d7e7): <https://commits.webkit.org/279451@main>
Reviewed commits have been landed. Closing PR #29228 and removing active labels.