File CVE-2022-1096-qtwebengine-6.2.patch of Package qt6-webengine

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-1096-qtwebengine-6.2.patch of Package qt6-webengine

From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Tue, 29 Mar 2022 17:31:58 +0200
Subject: [Backport] CVE-2022-1096

[runtime] Fix handling of interceptors

--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
+++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
@@ -2513,6 +2513,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
           Maybe<bool> result =
               JSObject::SetPropertyWithInterceptor(it, should_throw, value);
           if (result.IsNothing() || result.FromJust()) return result;
+          // Assuming that the callback have side effects, we use
+          // Object::SetSuperProperty() which works properly regardless on
+          // whether the property was present on the receiver or not when
+          // storing to the receiver.
+          // Proceed lookup from the next state.
+          it->Next();
         } else {
           Maybe<PropertyAttributes> maybe_attributes =
               JSObject::GetPropertyAttributesWithInterceptor(it);
@@ -2533,10 +2539,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
             // property to the receiver.
             it->NotFound();
           }
-          return Object::SetSuperProperty(it, value, store_origin,
-                                          should_throw);
         }
-        break;
+        return Object::SetSuperProperty(it, value, store_origin, should_throw);
       }

case LookupIterator::ACCESSOR: {

Places

File CVE-2022-1096-qtwebengine-6.2.patch of Package qt6-webengine

Places