ab745e1633
- Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) OBS-URL: https://build.opensuse.org/request/show/966949 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt6/qt6-webengine?expand=0&rev=9
34 lines
1.5 KiB
Diff
34 lines
1.5 KiB
Diff
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
Date: Tue, 29 Mar 2022 17:31:58 +0200
|
|
Subject: [Backport] CVE-2022-1096
|
|
|
|
[runtime] Fix handling of interceptors
|
|
|
|
--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
|
|
+++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
|
|
@@ -2513,6 +2513,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
|
|
Maybe<bool> result =
|
|
JSObject::SetPropertyWithInterceptor(it, should_throw, value);
|
|
if (result.IsNothing() || result.FromJust()) return result;
|
|
+ // Assuming that the callback have side effects, we use
|
|
+ // Object::SetSuperProperty() which works properly regardless on
|
|
+ // whether the property was present on the receiver or not when
|
|
+ // storing to the receiver.
|
|
+ // Proceed lookup from the next state.
|
|
+ it->Next();
|
|
} else {
|
|
Maybe<PropertyAttributes> maybe_attributes =
|
|
JSObject::GetPropertyAttributesWithInterceptor(it);
|
|
@@ -2533,10 +2539,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
|
|
// property to the receiver.
|
|
it->NotFound();
|
|
}
|
|
- return Object::SetSuperProperty(it, value, store_origin,
|
|
- should_throw);
|
|
}
|
|
- break;
|
|
+ return Object::SetSuperProperty(it, value, store_origin, should_throw);
|
|
}
|
|
|
|
case LookupIterator::ACCESSOR: {
|