Fabian Vogt
2208c5f091
- Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) OBS-URL: https://build.opensuse.org/request/show/966881 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt:5.15/libqt5-qtwebengine?expand=0&rev=37
48 lines
2.0 KiB
Diff
48 lines
2.0 KiB
Diff
From abb5119d0f307f7f98e59a5f3ee9872f3d286b37 Mon Sep 17 00:00:00 2001
|
|
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
Date: Tue, 29 Mar 2022 17:31:58 +0200
|
|
Subject: [Backport] CVE-2022-1096
|
|
|
|
[runtime] Fix handling of interceptors
|
|
|
|
Change-Id: I36b218f25c0dff6f5a39931e7536c6588ff46eef
|
|
Reviewed-by: Igor Sheludko <ishell@chromium.org>
|
|
(cherry picked from commit b85cb23217f629522702c19381db9c65accc1fba)
|
|
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
---
|
|
chromium/v8/src/objects/objects.cc | 10 +++++++---
|
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/3rdparty/chromium/v8/src/objects/objects.cc b/src/3rdparty/chromium/v8/src/objects/objects.cc
|
|
index 43d835044de..f1d15d27c6e 100644
|
|
--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
|
|
+++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
|
|
@@ -2481,6 +2481,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
|
|
Maybe<bool> result =
|
|
JSObject::SetPropertyWithInterceptor(it, should_throw, value);
|
|
if (result.IsNothing() || result.FromJust()) return result;
|
|
+ // Assuming that the callback have side effects, we use
|
|
+ // Object::SetSuperProperty() which works properly regardless on
|
|
+ // whether the property was present on the receiver or not when
|
|
+ // storing to the receiver.
|
|
+ // Proceed lookup from the next state.
|
|
+ it->Next();
|
|
} else {
|
|
Maybe<PropertyAttributes> maybe_attributes =
|
|
JSObject::GetPropertyAttributesWithInterceptor(it);
|
|
@@ -2501,10 +2507,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
|
|
// property to the receiver.
|
|
it->NotFound();
|
|
}
|
|
- return Object::SetSuperProperty(it, value, store_origin,
|
|
- should_throw);
|
|
}
|
|
- break;
|
|
+ return Object::SetSuperProperty(it, value, store_origin, should_throw);
|
|
}
|
|
|
|
case LookupIterator::ACCESSOR: {
|
|
--
|
|
cgit v1.2.1
|
|
|