RESOLVED INVALID 211846
Null pointer access in DOMGuarded::guarded on 64b build
https://bugs.webkit.org/show_bug.cgi?id=211846
xc.o.c.1180@gmail.com
Reported 2020-05-13 09:17:00 PDT
Created attachment 399271
patch

Should check null before jsDynamicCast.

Also, guardedObject() should just return JSCell*, this saves a branch in jsDynamicCast.
Attachments
patch (1.02 KB, text/plain)
2020-05-13 09:17 PDT, xc.o.c.1180@gmail.com
no flags
Yusuke Suzuki
Comment 1 2020-05-30 23:19:04 PDT
(In reply to xc.o.c.1180@gmail.com from comment #0)
> Created attachment 399271
> patch
>
> Should check null before jsDynamicCast.
>
> Also, guardedObject() should just return JSCell*, this saves a branch in
> jsDynamicCast.

Could you add a test case showing the crash?
xc.o.c.1180@gmail.com
Comment 2 2020-06-01 07:42:19 PDT
Sorry, this is a mistake, please discard it.
Yusuke Suzuki
Comment 3 2020-06-01 08:28:56 PDT
(In reply to xc.o.c.1180@gmail.com from comment #2)
> Sorry, this is a mistake, please discard it.

OK, no problem! Thanks for filing an issue :D