Bug 280946
| Summary: | [JSC] Assert `AsyncFromSyncIterator` before access to internal field | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Sosuke Suzuki <aosukeke> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Sosuke Suzuki
The patch at https://commits.webkit.org/283311@main introduced internal fields to
`AsyncFromSyncIterator`.
This patch changes the functions in `AsyncFromSyncIteratorPrototype` to assert that the `this`
object is an `AsyncFromSyncIterator` before accessing its internal fields. No runtime checks.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Sosuke Suzuki
Pull request: https://github.com/WebKit/WebKit/pull/34745
EWS
Committed 285086@main (fe316088fa6f): <https://commits.webkit.org/285086@main>
Reviewed commits have been landed. Closing PR #34745 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/137827063>