Bug 241813 - std::variant decoding with out-of-bounds index should fail instead of decoding the 0'th type
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
Keywords: InRadar
Reported: 2022-06-21 11:50 PDT by Alex Christensen
Modified: 2022-06-21 20:24 PDT
Attachments
Patch (1.16 KB, patch)
2022-06-21 11:51 PDT, Alex Christensen
Description Alex Christensen 2022-06-21 11:50:24 PDT
Doesn't really decrease any powers of a compromised process, but IPC bounds checks are generally a good idea.  This prevents a debug assertion in fuzzers.
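An added illustration of the check named in the bug title, not part of the report and not WebKit's IPC code: a variant decoder that fails when the index read from an untrusted message is past the last alternative, instead of falling back to alternative 0. The `Decoder` type, the `Message` variant and the one-byte-index wire format are assumptions made for the example.

```cpp
// Added illustration, not WebKit's IPC code: Decoder, Message and the wire format are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <variant>
#include <vector>

// Bounds-checked reader over untrusted bytes.
struct Decoder {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
    template <typename T> std::optional<T> read() {
        if (buf.size() - pos < sizeof(T))
            return std::nullopt; // truncated message
        T value;
        std::memcpy(&value, buf.data() + pos, sizeof(T));
        pos += sizeof(T);
        return value;
    }
};

// Walk the alternatives until I == index. Reaching the end of the list means
// the sender supplied an out-of-bounds index, so decoding fails.
template <typename V, size_t I = 0>
std::optional<V> decodeAlternative(Decoder& d, size_t index) {
    if constexpr (I < std::variant_size_v<V>) {
        if (index == I) {
            auto value = d.read<std::variant_alternative_t<I, V>>();
            if (!value)
                return std::nullopt;
            return V(std::in_place_index<I>, *value);
        }
        return decodeAlternative<V, I + 1>(d, index);
    } else {
        return std::nullopt; // index >= number of alternatives
    }
}

using Message = std::variant<uint32_t, uint8_t>; // constructed sample type
// Assumed wire format: one index byte, then the alternative's raw bytes.
std::optional<Message> decodeMessage(const std::vector<uint8_t>& bytes) {
    Decoder d{bytes};
    auto index = d.read<uint8_t>();
    if (!index)
        return std::nullopt;
    return decodeAlternative<Message>(d, *index);
}

int main() { return decodeMessage({2, 7}) ? 1 : 0; } // constructed input: index 2 is out of range
```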
Comment 1 Alex Christensen 2022-06-21 11:51:35 PDT
Created attachment 460377
Patch
Comment 2 Alex Christensen 2022-06-21 11:58:38 PDT
See rdar://82979527
Comment 3 Chris Dumez 2022-06-21 12:46:24 PDT
Comment on attachment 460377
Patch

r=me
Comment 4 EWS 2022-06-21 20:23:03 PDT
Committed r295719 (251724@main): <https://commits.webkit.org/251724@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 460377.
Comment 5 Radar WebKit Bug Importer 2022-06-21 20:24:13 PDT
<rdar://problem/95657318>