WebKit Bugzilla
RESOLVED FIXED
138141
ASSERT(!m_deletionHasBegun) in RefCounted.h should be ASSERT_WITH_SECURITY_IMPLICATION
https://bugs.webkit.org/show_bug.cgi?id=138141
Drew Yao
Reported
2014-10-28 11:39:22 PDT
rdar://18798463
ASSERT(!m_deletionHasBegun) in RefCounted.h should be ASSERT_WITH_SECURITY_IMPLICATION

There are several assertions in RefCounted.h like
ASSERT(!m_deletionHasBegun);
These assertions indicate that a use after free will occur. Marking them as ASSERT_WITH_SECURITY_IMPLICATION will help find more security bugs with fuzzing.

I’d also propose changing
#ifdef NDEBUG
#define CHECK_REF_COUNTED_LIFECYCLE 0
#else
#define CHECK_REF_COUNTED_LIFECYCLE 1
#endif
to
#if defined(NDEBUG) && !defined(ADDRESS_SANITIZER)
so that release ASAN builds can get the benefit of the checking.
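A simplified sketch of the lifecycle check described in the report above, added here as an example and not taken from WebKit's RefCounted.h or from the attached patch. The class layout, LIFECYCLE_CHECK, g_violations and Node are hypothetical, and the check counts violations instead of crashing so the result can be inspected.

```cpp
// CHECK_REF_COUNTED_LIFECYCLE, NDEBUG, ADDRESS_SANITIZER and m_deletionHasBegun
// are names from the report; ADDRESS_SANITIZER is assumed to be set by the build.
#if defined(NDEBUG) && !defined(ADDRESS_SANITIZER)
#define CHECK_REF_COUNTED_LIFECYCLE 0
#else
#define CHECK_REF_COUNTED_LIFECYCLE 1
#endif

static int g_violations = 0; // stand-in: a security assertion would crash here
#if CHECK_REF_COUNTED_LIFECYCLE
#define LIFECYCLE_CHECK(cond) do { if (!(cond)) ++g_violations; } while (0)
#else
#define LIFECYCLE_CHECK(cond) ((void)0)
#endif

class RefCountedBase {
public:
    void ref() { LIFECYCLE_CHECK(!m_deletionHasBegun); ++m_refCount; }
protected:
    ~RefCountedBase() = default;
    bool derefBase() { // true means the caller must delete the object
        LIFECYCLE_CHECK(!m_deletionHasBegun);
        if (m_refCount == 1) { m_deletionHasBegun = true; return true; }
        --m_refCount;
        return false;
    }
private:
    unsigned m_refCount = 1;
    bool m_deletionHasBegun = false;
};

struct Node : RefCountedBase {
    explicit Node(bool refInDtor) : m_refInDtor(refInDtor) {}
    ~Node() { if (m_refInDtor) ref(); } // bug: new reference to a dying object
    void deref() { if (derefBase()) delete this; }
    bool m_refInDtor;
};

bool lifecycleChecksEnabled() { return CHECK_REF_COUNTED_LIFECYCLE != 0; }

// Runs one create/teardown cycle and returns how many lifecycle checks fired.
int violationsDuringTeardown(bool refInDtor) {
    g_violations = 0;
    Node* node = new Node(refInDtor);
    node->ref();   // count 2
    node->deref(); // count 1
    node->deref(); // deletion begins; ~Node may call ref()
    return g_violations;
}
```

Built with NDEBUG and without ADDRESS_SANITIZER, the check compiles away and the reference taken during destruction goes unnoticed, which is the gap the proposed macro change closes for release ASAN builds.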
Attachments
Patch (2.21 KB, patch), 2014-10-29 17:25 PDT, Vicki Pfau, no flags
Vicki Pfau
Comment 1
2014-10-29 17:25:31 PDT
Created attachment 240641
Patch
WebKit Commit Bot
Comment 2
2014-10-30 14:35:00 PDT
Comment on attachment 240641
Patch

Clearing flags on attachment: 240641

Committed r175382: <http://trac.webkit.org/changeset/175382>
WebKit Commit Bot
Comment 3
2014-10-30 14:35:03 PDT
All reviewed patches have been landed. Closing bug.