Bug 263187 - Make all sensitive $vm properties not enumerable by Object.getOwnPropertyNames.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2023-10-16 00:08 PDT by Mark Lam
Modified: 2023-10-16 07:28 PDT

Description Mark Lam 2023-10-16 00:08:28 PDT
$vm functions are not meant to be enumerable.  That's why all of them have the DontEnum attribute.  However, Object.getOwnPropertyNames does not honor this by default.  As a result, this can trip up fuzzers that happen to enumerate it with Object.getOwnPropertyNames.

rdar://112814894
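
The language behaviour the description refers to, shown on an ordinary object as an added example (this is not WebKit code and not how the fix in the pull request is implemented): a non-enumerable property is skipped by `for...in` and `Object.keys` but is still returned by `Object.getOwnPropertyNames`, and a Proxy `ownKeys` trap is used here as a userland stand-in for hiding it. The property names `debugCrash` and `debugDump` and all helper functions are hypothetical.

```javascript
// Stand-in object with two non-enumerable methods (hypothetical names).
function makeDebugObject() {
  const obj = { version: 1 }; // ordinary enumerable property
  for (const name of ["debugCrash", "debugDump"]) {
    Object.defineProperty(obj, name, {
      value: () => { throw new Error(name + " called"); },
      enumerable: false,  // the script-visible form of DontEnum
      configurable: true, // required so a Proxy may omit it from ownKeys
      writable: true,
    });
  }
  return obj;
}

// Collect the names each reflection API reports for an object.
function visibleNames(obj) {
  const forIn = [];
  for (const k in obj) forIn.push(k);
  return {
    forIn,
    keys: Object.keys(obj),
    ownNames: Object.getOwnPropertyNames(obj),
    reflect: Reflect.ownKeys(obj),
  };
}

// Userland analogue of hiding: ownKeys reports only enumerable keys.
function hideNonEnumerable(target) {
  return new Proxy(target, {
    ownKeys(t) {
      return Reflect.ownKeys(t).filter(
        (k) => Object.getOwnPropertyDescriptor(t, k).enumerable);
    },
  });
}

// Edge case: a non-configurable property cannot be omitted from ownKeys;
// the engine enforces the Proxy invariant with a TypeError.
function hidingFailsWhenNonConfigurable() {
  const t = {};
  Object.defineProperty(t, "debugCrash",
    { value: 1, enumerable: false, configurable: false });
  try { Object.getOwnPropertyNames(hideNonEnumerable(t)); return false; }
  catch (e) { return e instanceof TypeError; }
}

console.log(visibleNames(makeDebugObject()));                    // ownNames lists all three
console.log(visibleNames(hideNonEnumerable(makeDebugObject()))); // only "version" everywhere
console.log(typeof hideNonEnumerable(makeDebugObject()).debugCrash); // still callable by name
```

Hiding a name from enumeration does not remove the property: code that already knows the name can still reach it.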
Comment 1 Mark Lam 2023-10-16 00:20:01 PDT
Pull request: https://github.com/WebKit/WebKit/pull/19104
Comment 2 EWS 2023-10-16 07:28:47 PDT
Committed 269361@main (86513355ed9f): <https://commits.webkit.org/269361@main>

Reviewed commits have been landed. Closing PR #19104 and removing active labels.