Bug 119281

Summary: GetByVal on Arguments does the wrong size load when checking the Arguments object length
Product: WebKit Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCoreAssignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ggaren: review+

Mark Hahnenberg
Reported 2013-07-30 15:27:53 PDT
This leads to out of bounds accesses and subsequent crashes. Patch on its way.
Attachments
Patch (4.73 KB, patch)
2013-07-30 15:29 PDT, Mark Hahnenberg 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2013-07-30 15:29:44 PDT
Created attachment 207775 [details] Patch
Geoffrey Garen
Comment 2 2013-07-30 15:32:11 PDT
Comment on attachment 207775 [details] Patch r=me
Geoffrey Garen
Comment 3 2013-07-30 15:33:17 PDT
<rdar://problem/14527940>
Mark Hahnenberg
Comment 4 2013-07-30 15:40:42 PDT
Committed r153500: <http://trac.webkit.org/changeset/153500>
Note You need to log in before you can comment on or make changes to this bug.