Browsing the "confusion" Tag

Chrome JSPromise::TriggerPromiseReactions Type Confusion

April 2nd, 2019 📆 | 3357 Views ⚑

Chrome: Type confusion in JSPromise::TriggerPromiseReactions VULNERABILITY DETAILS==1. TriggerPromiseReactions==https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=d24c8dd69f1c7e89553ce101272aedefdb41110d&l=5975Handle JSPromise::TriggerPromiseReactions(Isolate* isolate,Handle reactions,Handle argument,PromiseReaction::Type type) {DCHECK(reactions->IsSmi() || reactions->IsPromiseReaction()); // We need to

Tagged with: