Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 461dbf7066ba0e0c9cfe92b9792da613be101df4
https://github.com/WebKit/WebKit/commit/461dbf7066ba0e0c9cfe92b9792da613be101df4
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-12 (Fri, 12 Jun 2026)
Changed paths:
M Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h
Log Message:
-----------
AuthenticatorAssertionResponse::m_synchronizable is left uninitialized
https://bugs.webkit.org/show_bug.cgi?id=316975
rdar://179451483
Reviewed by Pascoe.
m_synchronizable had no in-class initializer and neither constructor set it, so
it held an
indeterminate value. LocalAuthenticator only calls setSynchronizable()
conditionally, so on the path
where the keychain group is null and the attributes lack kSecAttrSynchronizable
the garbage value
was read into authDataFlags(). Default-initialize it to false.
* Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h:
Canonical link: https://commits.webkit.org/315119@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
