Bug 194800 - (CVE-2019-8559) Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq and CompareStrictEq nodes.
Summary: (CVE-2019-8559) Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq ...
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2019-02-18 16:53 PST by Mark Lam
Modified: 2019-04-04 09:30 PDT

proposed patch. (3.67 KB, patch)
2019-02-18 17:02 PST, Mark Lam

Description Mark Lam 2019-02-18 16:53:22 PST
Fix doesGC() for CompareEq, CompareLess, CompareLessEq, CompareGreater, CompareGreaterEq, and CompareStrictEq.
Comment 1 Radar WebKit Bug Importer 2019-02-18 16:53:56 PST
Comment 2 Mark Lam 2019-02-18 17:02:03 PST
Created attachment 362357
proposed patch.
Comment 3 EWS Watchlist 2019-02-18 17:05:37 PST
Attachment 362357 did not pass style-queue:

ERROR: Source/JavaScriptCore/dfg/DFGDoesGC.cpp:410:  Multi line control clauses should use braces.  [whitespace/braces] [4]
Total errors found: 1 in 2 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Yusuke Suzuki 2019-02-18 17:14:57 PST
Comment on attachment 362357
proposed patch.

Comment 5 Mark Lam 2019-02-18 18:06:04 PST
Comment on attachment 362357
proposed patch.

Thanks for the review.  Landing now.
Comment 6 WebKit Commit Bot 2019-02-18 18:32:15 PST
Comment on attachment 362357
proposed patch.

Clearing flags on attachment: 362357

Committed r241753: <https://trac.webkit.org/changeset/241753>
Comment 7 WebKit Commit Bot 2019-02-18 18:32:17 PST
All reviewed patches have been landed.  Closing bug.
Comment 8 Marc Bejarano 2019-02-22 07:18:38 PST
Looks like somebody should request a CVE and up the importance of this bug.