3 matches found
OSV-2021-843 Use-after-poison in AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator->
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35038
Crash type: Use-after-poison READ 8
Crash state: AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> JS::IndexedProperties::array_like_size JS::IndexedProperties::append...
OSV-2021-804 Heap-use-after-free in AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator->
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34688
Crash type: Heap-use-after-free READ 8
Crash state: AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> JS::IndexedProperties::array_like_size JS::IndexedProperties::append...
OSV-2021-563 Heap-use-after-free in AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator->
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32459
Crash type: Heap-use-after-free READ 8
Crash state: AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> JS::IndexedProperties::array_like_size JS::IndexedProperties::append...