WebKit Bugzilla
Bug 231252 - Speculative fix for a null pointer dereference in ByteCodeParser::handlePutByVal. (RESOLVED FIXED)
https://bugs.webkit.org/show_bug.cgi?id=231252
Reported by Mark Lam, 2021-10-05 14:06:20 PDT
We're seeing a null pointer dereference in ByteCodeParser::handlePutByVal(). Adding a null check here as a speculative fix to mitigate crashes while we investigate further.
rdar://83310320
Attachments
proposed patch. (1.90 KB, patch), 2021-10-05 14:14 PDT, Mark Lam, flags: ysuzuki: review+
[fast-cq] patch for landing. (2.80 KB, patch), 2021-10-05 14:35 PDT, Mark Lam, no flags
Mark Lam, Comment 1, 2021-10-05 14:14:45 PDT
Created attachment 440265 [details]: proposed patch.
Yusuke Suzuki, Comment 2, 2021-10-05 14:20:57 PDT
Comment on attachment 440265 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=440265&action=review
r=me
> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:8881 > + auto* impl = string->tryGetValueImpl(); > + ASSERT(impl); // FIXME:
rdar://83902782
> + if (impl && impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
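Review bot: the ASSERT(impl) at DFGByteCodeParser.cpp:8881 contradicts the `if (impl && ...)` guard that follows it: in debug builds the assertion fires before the null check is reached, so the speculative mitigation only takes effect in release builds and a debug run still crashes on exactly the input the guard is meant to tolerate. If keeping the assert is intended to keep surfacing the underlying bug while the rdar is investigated, say so in the FIXME comment; otherwise drop the ASSERT so debug and release builds behave the same.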
A similar thing exists on op_put_private_name. Please change all of these things in DFG::ByteCodeParser.
Mark Lam, Comment 3, 2021-10-05 14:35:04 PDT
Created attachment 440271 [details]: [fast-cq] patch for landing. Thanks for the review.
EWS, Comment 4, 2021-10-06 10:31:52 PDT
Committed r283632 (242583@main): <https://commits.webkit.org/242583@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 440271 [details].