WebKit Bugzilla
RESOLVED FIXED
249064
Web Inspector: Fix use-after-move in Inspector::InspectorDebuggerAgent::didCreateNativeExecutable()
https://bugs.webkit.org/show_bug.cgi?id=249064
David Kilzer (:ddkilzer)
Reported
2022-12-09 19:50:13 PST
Fix use-after-move in Inspector::InspectorDebuggerAgent::didCreateNativeExecutable() in Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp.

There are two places where `oldJITCodeRef` is used after being moved in a RELEASE_ASSERT() statement.

```
[...]
    switch (kind) {
    case JSC::CodeForCall:
        ASSERT(!replacedThunk->callThunk);
        replacedThunk->callThunk = WTFMove(oldJITCodeRef);
        ASSERT(!replacedThunk->callArityThunk);
        replacedThunk->callArityThunk = WTFMove(oldArityJITCodeRef);
        RELEASE_ASSERT(oldJITCodeRef.code() == createJITCodeRef(vm.jitStubs->ctiNativeCall(vm)).code());  // Use-after-move of `oldJITCodeRef`.
        break;
    case JSC::CodeForConstruct:
        ASSERT(!replacedThunk->constructThunk);
        replacedThunk->constructThunk = WTFMove(oldJITCodeRef);
        ASSERT(!replacedThunk->constructArityThunk);
        replacedThunk->constructArityThunk = WTFMove(oldArityJITCodeRef);
        RELEASE_ASSERT(oldJITCodeRef.code() == createJITCodeRef(vm.jitStubs->ctiNativeConstruct(vm)).code());  // Use-after-move of `oldJITCodeRef`.
        break;
    }
[...]
```
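The hazard in the description above, reduced to a self-contained C++ sketch; this is an added example, not code from the bug report or from WebKit. `CodeRef` and `ReplacedThunk` are hypothetical stand-ins built on `std::shared_ptr` (whose moved-from state is null), and the two safe orderings shown are general options, since this page does not state which change the WebKit patch made.

```cpp
// Added illustration; CodeRef and ReplacedThunk are hypothetical stand-ins, not WebKit types.
#include <cstdio>
#include <memory>
#include <utility>

// Ref-counted handle; moving it leaves the source holding a null pointer.
struct CodeRef {
    std::shared_ptr<int> handle;
    const int* code() const { return handle.get(); }
};

struct ReplacedThunk {
    CodeRef callThunk;
};

// Ordering from the report: the comparison reads oldRef after it was moved from.
bool checkAfterMove(ReplacedThunk& thunk, CodeRef oldRef, const CodeRef& expected)
{
    thunk.callThunk = std::move(oldRef);
    return oldRef.code() == expected.code(); // use-after-move: oldRef is now empty
}

// Safe ordering 1: compare first, then hand the reference over.
bool checkBeforeMove(ReplacedThunk& thunk, CodeRef oldRef, const CodeRef& expected)
{
    bool matches = oldRef.code() == expected.code();
    thunk.callThunk = std::move(oldRef);
    return matches;
}

// Safe ordering 2: move, then compare through the new owner.
bool checkDestination(ReplacedThunk& thunk, CodeRef oldRef, const CodeRef& expected)
{
    thunk.callThunk = std::move(oldRef);
    return thunk.callThunk.code() == expected.code();
}

int main()
{
    CodeRef expected { std::make_shared<int>(1) }; // constructed sample value
    ReplacedThunk a, b, c;
    std::printf("after move: %d, before move: %d, destination: %d\n",
        checkAfterMove(a, expected, expected),
        checkBeforeMove(b, expected, expected),
        checkDestination(c, expected, expected));
    return 0;
}
```

With this stand-in type the post-move check fails when the references match and passes when a non-matching reference is compared against an empty one, so the assertion no longer tests what it was written to test.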
Radar WebKit Bug Importer
Comment 1
2022-12-09 19:50:30 PST
<rdar://problem/103204166>
David Kilzer (:ddkilzer)
Comment 2
2022-12-09 19:55:34 PST
Pull request: https://github.com/WebKit/WebKit/pull/7430
EWS
Comment 3
2022-12-12 14:18:15 PST
Committed 257755@main (9dbd0014372a): <https://commits.webkit.org/257755@main>

Reviewed commits have been landed. Closing PR #7430 and removing active labels.