239440 – Harden setPrototypeOf().

RESOLVED FIXED 239440

Harden setPrototypeOf().

https://bugs.webkit.org/show_bug.cgi?id=239440

Summary Harden setPrototypeOf().

Mark Lam

Reported 2022-04-17 14:42:53 PDT

Attachments
patch for landing. (5.43 KB, patch) 2022-04-17 14:51 PDT, Mark Lam	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2022-04-17 14:51:16 PDT

Created attachment 457778 [details] patch for landing.

Mark Lam

Comment 2 2022-04-17 14:54:02 PDT

Saam Barati

Comment 3 2022-04-18 10:15:30 PDT

Comment on attachment 457778 [details] patch for landing. View in context: https://bugs.webkit.org/attachment.cgi?id=457778&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1881 > + else if (UNLIKELY(!prototype.isNull())) // Conservative hardening. > + return; should the above just be a release assert and we can remove this?

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2022-04-17 14:42 PDT

Modified

2022-04-18 10:15 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks