src/inspector · 9af895db5dd238f1d637fa6176caa2d1ca8682ae · Linshizhi / V8

[inspector] Gracefully ignore non-dictionary values as session state. · dc3eb449

Benedikt Meurer authored Jan 05, 2022

The V8InspectorSessionImpl constructor accepts a state, as either text
or CBOR encoded, and generally ignores all invalid inputs, except for
the case where it's a valid value, but not a dictionary value, in which
case it'll leak the value and crash upon casting to a `DictionaryValue`.

This is purely an issue with the test driver, so no security impact on
Chromium in the wild.

Fixed: chromium:1281031
Change-Id: I7b4d0aea83370499b1274d3fa214a14dc098d2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361838
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78490}

dc3eb449

Name	Last commit	Last update
..
BUILD.gn		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...
custom-preview.cc		Loading commit data...
custom-preview.h		Loading commit data...
injected-script.cc		Loading commit data...
injected-script.h		Loading commit data...
inspected-context.cc		Loading commit data...
inspected-context.h		Loading commit data...
inspector_protocol_config.json		Loading commit data...
remote-object-id.cc		Loading commit data...
remote-object-id.h		Loading commit data...
search-util.cc		Loading commit data...
search-util.h		Loading commit data...
string-16.cc		Loading commit data...
string-16.h		Loading commit data...
string-util.cc		Loading commit data...
string-util.h		Loading commit data...
test-interface.cc		Loading commit data...
test-interface.h		Loading commit data...
v8-console-agent-impl.cc		Loading commit data...
v8-console-agent-impl.h		Loading commit data...
v8-console-message.cc		Loading commit data...
v8-console-message.h		Loading commit data...
v8-console.cc		Loading commit data...
v8-console.h		Loading commit data...
v8-debugger-agent-impl.cc		Loading commit data...
v8-debugger-agent-impl.h		Loading commit data...
v8-debugger-id.cc		Loading commit data...
v8-debugger-id.h		Loading commit data...
v8-debugger-script.cc		Loading commit data...
v8-debugger-script.h		Loading commit data...
v8-debugger.cc		Loading commit data...
v8-debugger.h		Loading commit data...
v8-heap-profiler-agent-impl.cc		Loading commit data...
v8-heap-profiler-agent-impl.h		Loading commit data...
v8-inspector-impl.cc		Loading commit data...
v8-inspector-impl.h		Loading commit data...
v8-inspector-session-impl.cc		Loading commit data...
v8-inspector-session-impl.h		Loading commit data...
v8-profiler-agent-impl.cc		Loading commit data...
v8-profiler-agent-impl.h		Loading commit data...
v8-regex.cc		Loading commit data...
v8-regex.h		Loading commit data...
v8-runtime-agent-impl.cc		Loading commit data...
v8-runtime-agent-impl.h		Loading commit data...
v8-schema-agent-impl.cc		Loading commit data...
v8-schema-agent-impl.h		Loading commit data...
v8-stack-trace-impl.cc		Loading commit data...
v8-stack-trace-impl.h		Loading commit data...
v8-string-conversions.cc		Loading commit data...
v8-string-conversions.h		Loading commit data...
v8-value-utils.cc		Loading commit data...
v8-value-utils.h		Loading commit data...
value-mirror.cc		Loading commit data...
value-mirror.h		Loading commit data...