Bug 258592 (CVE-2023-42833)

Summary: REGRESSION (264768@main): [JSC] isNaN should insert Check instead of fixup edge when converting it to constant
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: aperez, mark.lam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=257474

Yusuke Suzuki
Reported 2023-06-27 15:47:13 PDT
...
Attachments
Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2023-06-27 15:47:20 PDT
<rdar://problem/111223515>
Yusuke Suzuki
Comment 2 2023-06-27 15:48:07 PDT
Pull request: https://github.com/WebKit/WebKit/pull/15349
EWS
Comment 3 2023-06-27 17:18:52 PDT
Committed 265570@main (50ad0a17b352): <https://commits.webkit.org/265570@main> Reviewed commits have been landed. Closing PR #15349 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.