| Field | Value |
|---|---|
| Summary | REGRESSION: Reproducible crash in Safari when evaluating script in Drosera console |
| Product | WebKit |
| Component | JavaScriptCore |
| Reporter | Mark Rowe (bdash) <mrowe> |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED FIXED |
| Severity | Major |
| Priority | P1 |
| CC | koivisto |
| Keywords | InRadar, Regression |
| Version | 523.x (Safari 3) |
| Hardware | Mac |
| OS | OS X 10.4 |
| Attachments | |
Description

Mark Rowe (bdash), 2007-09-21 03:37:11 PDT

-[WebCoreScriptCallFrame evaluateWebScript:] retrieves eval from the global object, if it exists, and then calls it with a NULL this object. It is trivial to null-check thisObj inside GlobalFuncImp::callAsFunction in one place, which resolves the crash, but I'm not sure that it is correct for -[WebCoreScriptCallFrame evaluateWebScript:] to be passing NULL for thisObj in the first place. It clearly used to work, so I'll go ahead and prepare a patch to restore this.

Created attachment 16338 [details]: Proposed patch
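The two repair options the report weighs (null-check the receiver inside the eval entry point, or have the call-frame evaluator pass the global object instead of NULL) are shown below in a toy model. This is an added example, not WebKit's code or the attached patch; `JSObject`, `ExecState`, `evalAsFunction` and `evaluateWebScript` are stand-ins constructed for illustration, and the "script" is reduced to a single identifier lookup so the effect of the receiver on name resolution is visible.

```cpp
#include <map>
#include <stdexcept>
#include <string>

// Toy stand-ins for the interpreter objects named in the report
// (constructed for this example; not JavaScriptCore's real types).
struct JSObject {
    std::map<std::string, int> props;
    bool hasProperty(const std::string& n) const { return props.count(n) != 0; }
    int get(const std::string& n) const { return props.at(n); }
};

struct ExecState {
    JSObject* globalObject;
};

// Shape of the crash: the global "eval" entry point dereferences thisObj
// without checking it, so a caller passing NULL takes a null dereference.
// Kept for illustration only; nothing below calls it.
int evalAsFunctionUnchecked(ExecState* exec, JSObject* thisObj, const std::string& id) {
    if (thisObj->hasProperty(id))          // crashes when thisObj == nullptr
        return thisObj->get(id);
    if (exec->globalObject->hasProperty(id))
        return exec->globalObject->get(id);
    throw std::runtime_error("ReferenceError: " + id);
}

// Callee-side fix: a null receiver is treated as the global object, which is
// what a plain eval(...) call from script resolves against anyway.
int evalAsFunction(ExecState* exec, JSObject* thisObj, const std::string& id) {
    if (!thisObj)
        thisObj = exec->globalObject;
    if (thisObj->hasProperty(id))
        return thisObj->get(id);
    if (exec->globalObject->hasProperty(id))
        return exec->globalObject->get(id);
    throw std::runtime_error("ReferenceError: " + id);
}

// Caller-side fix (the option the reporter prefers): the call-frame evaluator
// supplies the global object as 'this' rather than NULL.
int evaluateWebScript(ExecState* exec, const std::string& id) {
    return evalAsFunction(exec, exec->globalObject, id);
}

// Scenario from the report: the debugger console evaluates "x" with a NULL
// receiver; the hardened entry point resolves it on the global object.
int evaluateWithNullReceiver() {
    JSObject global;
    global.props["x"] = 42;        // constructed binding
    ExecState exec{&global};
    return evalAsFunction(&exec, nullptr, "x");
}

// Same binding evaluated through the corrected call-frame path.
int evaluateViaCallFrame() {
    JSObject global;
    global.props["x"] = 42;
    ExecState exec{&global};
    return evaluateWebScript(&exec, "x");
}

// An unbound name still fails cleanly (ReferenceError) instead of crashing.
bool unboundNameThrows() {
    JSObject global;
    ExecState exec{&global};
    try {
        evalAsFunction(&exec, nullptr, "missing");
    } catch (const std::runtime_error&) {
        return true;
    }
    return false;
}
```

Either fix alone stops the crash; applying the callee-side check as well means any future caller that forgets the receiver degrades to global-scope evaluation instead of a null dereference.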
Comment on attachment 16338 [details]: Proposed patch

Antti reviewed this.