mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-10 01:51:03 +09:00
ladybird/Libraries/LibGC
Luke Wilde 5146bbe296 LibGC: Visit the edges of the cells that must survive garbage collection
Previously, we would only keep the cell that must survive alive, but
none of its edges.

This cropped up with a GC UAF in must_survive_garbage_collection of
WebSocket in .NET's SignalR frontend implementation, where an
out-of-scope WebSocket had its underlying EventTarget properties
garbage collected, and must_survive_garbage_collection read from the
destroyed EventTarget properties.

See: https://github.com/dotnet/aspnetcore/blob/main/src/SignalR/clients/ts/signalr/src/WebSocketTransport.ts#L81
Found on https://www.formula1.com/ during a live session.

Co-Authored-By: Tim Flynn <trflynn89@pm.me>
2025-02-27 14:35:28 -05:00
..
BlockAllocator.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
BlockAllocator.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
Cell.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
Cell.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
CellAllocator.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
CellAllocator.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
CMakeLists.txt LibGC: Rename MarkedVector => RootVector 2024-12-26 19:10:44 +01:00
ConservativeVector.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
ConservativeVector.h Everywhere: Include HashMap only where it's actually used 2024-12-09 12:31:16 +01:00
DeferGC.h LibGC: Expose deferred state publicly, annotate DeferGC for Swift 2024-11-19 14:32:11 -07:00
ForeignCell.cpp LibGC: Add a ForeignCell class for ownership of non-C++ objects 2024-11-19 14:32:11 -07:00
ForeignCell.h AK+Everywhere: Rename verify_cast to as 2025-01-21 11:34:06 -05:00
Forward.h LibGC: Rename MarkedVector => RootVector 2024-12-26 19:10:44 +01:00
Function.h LibGC: Mark GC::Function and create_function as ESCAPING 2024-12-10 07:13:00 +01:00
Heap+Swift.swift LibGC: Add Swift bindings to the GC heap 2024-11-19 14:32:11 -07:00
Heap.cpp LibGC: Visit the edges of the cells that must survive garbage collection 2025-02-27 14:35:28 -05:00
Heap.h LibJS+LibGC: Run FinalizationRegistry cleanup host hook *after* GC 2025-01-23 12:10:21 +01:00
HeapBlock.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
HeapBlock.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
HeapRoot.h LibGC: Rename MarkedVector => RootVector 2024-12-26 19:10:44 +01:00
Internals.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
NanBoxedValue.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
Ptr.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
Root.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
Root.h LibJS: Stop lazily coercing numeric PropertyKeys 2024-12-01 10:42:49 +01:00
RootVector.cpp LibGC: Rename remaining occurrence of marked vector 2025-01-02 16:22:29 -07:00
RootVector.h LibGC: Add ability to construct RootVector<T> from a span of T 2025-01-21 17:02:51 +01:00
WeakContainer.cpp LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00
WeakContainer.h LibGC+Everywhere: Factor out a LibGC from LibJS 2024-11-15 14:49:20 +01:00