Bug 131137

Summary:

Crash when a function is constructed with the string "})({"

Product:

WebKit

Reporter:

webkit-bugs

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED CONFIGURATION CHANGED

Severity:

Normal

CC:

ap, erights, ggaren, oliver

Priority:

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

OS X 10.9

Attachments:

Description	Flags
A simple page that will crash the Safari web process.	none

webkit-bugs

Reported 2014-04-02 16:17:20 PDT

Created attachment 228440 [details] A simple page that will crash the Safari web process. When using the Function constructor to create a function with the string "})({", the invoking process will crash. When using a string such as "})str({", an error is thrown instead. Changing it to "});str({" will again cause a crash.

Attachments
A simple page that will crash the Safari web process. (58 bytes, text/plain) 2014-04-02 16:17 PDT, webkit-bugs	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Mark S. Miller

Comment 1 2014-08-14 14:18:34 PDT

Is this a duplicate of https://bugs.webkit.org/show_bug.cgi?id=106160 ?

Mark S. Miller

Comment 2 2014-08-14 14:49:30 PDT

See also https://groups.google.com/forum/#!topic/google-caja-discuss/KWRNYko_pQo

Mark S. Miller

Comment 3 2021-05-07 12:49:57 PDT

This is apparently a dup of a closed bug, as explained in a previous message. Should this be closed?

Alexey Proskuryakov

Comment 4 2022-07-15 17:35:09 PDT

The test is gone, so one way or another, there is nothing to do.

Note You need to log in before you can comment on or make changes to this bug.