RESOLVED FIXED 194800
(CVE-2019-8559) Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq and CompareStrictEq nodes.
https://bugs.webkit.org/show_bug.cgi?id=194800
Mark Lam
Reported 2019-02-18 16:53:22 PST
Fix doesGC() for the CompareEq, CompareLess, CompareLessEq, CompareGreater, CompareGreaterEq, and CompareStrictEq nodes.
Attachments
proposed patch. (3.67 KB, patch)
2019-02-18 17:02 PST, Mark Lam
no flags
Radar WebKit Bug Importer
Comment 1 2019-02-18 16:53:56 PST
Mark Lam
Comment 2 2019-02-18 17:02:03 PST
Created attachment 362357: proposed patch.
EWS Watchlist
Comment 3 2019-02-18 17:05:37 PST
Attachment 362357 did not pass style-queue:
ERROR: Source/JavaScriptCore/dfg/DFGDoesGC.cpp:410: Multi line control clauses should use braces. [whitespace/braces] [4]
Total errors found: 1 in 2 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Yusuke Suzuki
Comment 4 2019-02-18 17:14:57 PST
Comment on attachment 362357: proposed patch.
r=me
Mark Lam
Comment 5 2019-02-18 18:06:04 PST
Comment on attachment 362357: proposed patch.
Thanks for the review. Landing now.
WebKit Commit Bot
Comment 6 2019-02-18 18:32:15 PST
Comment on attachment 362357: proposed patch.
Clearing flags on attachment: 362357
Committed r241753: <https://trac.webkit.org/changeset/241753>
WebKit Commit Bot
Comment 7 2019-02-18 18:32:17 PST
All reviewed patches have been landed. Closing bug.
Marc Bejarano
Comment 8 2019-02-22 07:18:38 PST
Looks like somebody should request a CVE and up the importance of this bug.
https://twitter.com/qwertyoruiopz/status/1098642526041444354
https://ghostbin.com/paste/c4dhv