[webkit-changes] [WebKit/WebKit] a24de4: Correctly terminate deserialization in CloneDeseri...

Commit Queue Wed, 30 Oct 2024 19:57:13 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a24de49debc83a7ade9816f0805ce3dd115219fd
      
https://github.com/WebKit/WebKit/commit/a24de49debc83a7ade9816f0805ce3dd115219fd
  Author: Nitin Mahendru <nitinmahen...@apple.com>
  Date:   2024-10-30 (Wed, 30 Oct 2024)


  Changed paths:
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Correctly terminate deserialization in CloneDeserializer::readRTCCertificate
https://bugs.webkit.org/show_bug.cgi?id=278605
rdar://134026541

Reviewed by Chris Dumez.

Calling fail() as added in this change will terminate the deserialization 
process
instead of further trying to parse the data that is left. This can lead to 
arbitrary
data being forced into the deserializer.

* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readRTCCertificate):

Originally-landed-as: 280938.270@safari-7619-branch (e2a2faccf8a5). 
rdar://138932344
Canonical link: https://commits.webkit.org/285936@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] a24de4: Correctly terminate deserialization in CloneDeseri...

Reply via email to