WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy(CVE-2017-7064)

WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy Here's a snippet of JSArray::appendMemcpy. bool JSArray::appendMemcpyExecState exec, VM& vm, unsigned startIndex, JSC::JSArray otherArray auto scope = DECLARETHROWSCOPEvm; if !canFastCopyvm, otherArray return false; IndexingType type =...

WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy Vulnerability

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability. WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy CVE-2017-7064 WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy Here's a snippet of JSArray::appendMemcpy. bool...

WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy

WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy CVE-2017-7064 WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy Here's a snippet of JSArray::appendMemcpy. bool JSArray::appendMemcpyExecState exec, VM& vm, unsigned startIndex, JSC::JSArray otherArray auto scope =...

WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy

indexingType; if type == ArrayWithUndecided && copyType != NonArray if copyType == ArrayWithInt32 convertUndecidedToInt32vm; else if copyType == ArrayWithDouble convertUndecidedToDoublevm; else if copyType == ArrayWithContiguous convertUndecidedToContiguousvm; else ASSERTcopyType ==...