5 matches found
WebKit Unspecified Memory Corruption Vulnerability (CVE-2017-2521)
WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed. Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength setPublicLengthlength; return result; |setPublicLength| is called whether...
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength setPublicLengthlength; return result; |setPublicLength| is called whether...
WebKit JSC JSObject::ensureLength Failure Check Vulnerability
WebKit JSC JSObject::ensureLength does not check if ensureLengthSlow fails. WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed. CVE-2017-2521 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength...
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength...
WebKit JSC JSObject::ensureLength Failure Check
WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed. CVE-2017-2521 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength setPublicLengthlength; return result; |setPublicLength| is calle...