Bug 131137

Summary: Crash when a function is constructed with the string "})({"
Product: WebKit
Reporter: webkit-bugs
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: ap, erights, ggaren, oliver
Priority: P2
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.9
Attachments:
Description Flags
A simple page that will crash the Safari web process. none

Description webkit-bugs 2014-04-02 16:17:20 PDT
Created attachment 228440
A simple page that will crash the Safari web process.

When using the Function constructor to create a function with the string "})({", the invoking process will crash. When using a string such as "})str({", an error is thrown instead. Changing it to "});str({" will again cause a crash.
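
A regression check for the three body strings quoted in the description above, added here as an example; it is not the attachment from this report and not WebKit's own test. It assumes an engine where a body that does not parse on its own as a function body is rejected with a SyntaxError; the names `classifyBody` and `runRegression` are hypothetical.

```javascript
// Added example, not from the bug report. The three bodies are the strings
// quoted in the description; "return 1" is a constructed control case.
const REPORTED_BODIES = ["})({", "})str({", "});str({"];
const CONTROL_BODY = "return 1";

// Classify what the Function constructor does with one body string.
// A process crash cannot be caught here: in an affected build the harness
// itself dies, which the caller observes as a missing result.
function classifyBody(body) {
  try {
    const fn = new Function(body);
    // Reaching this line means the engine accepted the text as a body.
    return { body, outcome: "accepted", type: typeof fn };
  } catch (err) {
    const outcome = err instanceof SyntaxError ? "SyntaxError" : "other-error";
    return { body, outcome, message: String(err && err.message) };
  }
}

// Run every body and report which ones were not cleanly rejected.
function runRegression(bodies) {
  const results = bodies.map(classifyBody);
  const notRejected = results.filter((r) => r.outcome !== "SyntaxError");
  return { results, notRejected, pass: notRejected.length === 0 };
}

const report = runRegression(REPORTED_BODIES);
const control = classifyBody(CONTROL_BODY);

for (const r of report.results) {
  console.log(JSON.stringify(r.body), "->", r.outcome);
}
console.log("control", JSON.stringify(control.body), "->", control.outcome);
console.log(report.pass ? "PASS: all reported bodies rejected" : "FAIL");
```

In a build that still has the defect, the run ends without printing PASS or FAIL, so a wrapper that treats missing output as a failure is needed to record the crash.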
Comment 1 Mark S. Miller 2014-08-14 14:18:34 PDT
Is this a duplicate of https://bugs.webkit.org/show_bug.cgi?id=106160 ?
Comment 3 Mark S. Miller 2021-05-07 12:49:57 PDT
This is apparently a dup of a closed bug, as explained in a previous message. Should this be closed?
Comment 4 Alexey Proskuryakov 2022-07-15 17:35:09 PDT
The test is gone, so one way or another, there is nothing to do.