Bug 43549

Summary: cross_fuzz: setTimeout/postMessage NULL pointer
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: DOM
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: ap, eric
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista

Berend-Jan Wever
Reported 2010-08-05 03:05:53 PDT
Created attachment 63569 [details]
Repro

When using the postMessage function as an argument to the setTimeout/setInterval functions, it gets called without any arguments or "this" object. This is not handled gracefully and causes a NULL deref and subsequent crash:

<script>
setTimeout(window.postMessage);
</script>

id: WebCore::Frame::domWindow ReadAV@NULL (f8cd71f24fff11a7dbb6a39e738fe929)
description: Attempt to read from NULL pointer (+0x330) in WebCore::Frame::domWindow
stack:
WebCore::Frame::domWindow
WebCore::V8DOMWindow::postMessageCallback
v8::internal::HandleApiCallHelper<...>
v8::internal::Builtin_HandleApiCall
v8::internal::Invoke
v8::internal::Execution::Call
...
Attachments:
Repro (50 bytes, text/html), 2010-08-05 03:05 PDT, Berend-Jan Wever, no flags
Berend-Jan Wever
Comment 1 2011-02-17 04:04:17 PST
*** This bug has been marked as a duplicate of bug 45882 ***
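As an added illustration that is not part of the report or of WebKit: a JavaScript model of the defect class described above. A native binding such as postMessage recovers its backing frame from the receiver (`this`); a callback handed to setTimeout runs with no receiver, so an unchecked frame lookup dereferences null, while a receiver check turns the same call into a TypeError. The names FakeFrame, makeWindow and invokeDetached are hypothetical.

```javascript
'use strict';

// Constructed stand-in for the Frame that backs a DOM window.
class FakeFrame {
  constructor(name) { this.name = name; this.inbox = []; }
}

// Returns the frame behind a receiver, or null when the receiver is not a
// window object (for example when a timer invoked the method with no `this`).
function frameFromReceiver(receiver) {
  const frame = receiver && receiver.__frame;
  return frame instanceof FakeFrame ? frame : null;
}

// Defective binding: uses the frame without a null check, the analogue of the
// NULL read in WebCore::Frame::domWindow from the report.
function postMessageUnchecked(message) {
  const frame = frameFromReceiver(this);
  frame.inbox.push(message);   // TypeError here when frame is null
}

// Hardened binding: a non-window receiver is a caller error, so reject it
// explicitly instead of touching a null frame.
function postMessageChecked(message) {
  const frame = frameFromReceiver(this);
  if (frame === null) throw new TypeError('Illegal invocation');
  frame.inbox.push(message);
}

function makeWindow(name, postMessage) {
  return { __frame: new FakeFrame(name), postMessage };
}

// Models setTimeout(fn): the callback runs with no receiver and no arguments.
function invokeDetached(fn) {
  try { fn.call(undefined); return 'ok'; }
  catch (e) { return e.constructor.name + ': ' + e.message; }
}

function demo() {
  const win = makeWindow('top', postMessageChecked);
  return {
    unchecked: invokeDetached(postMessageUnchecked),          // crashes on null
    checked: invokeDetached(postMessageChecked),              // clean TypeError
    // Caller-side fix: a closure keeps the receiver and the arguments.
    wrapped: invokeDetached(() => win.postMessage('hello')),  // 'ok'
    delivered: win.__frame.inbox.length,                      // 1
  };
}
```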