Bug 50016

Summary: Potential crash in JavaClassV8.cpp
Product: WebKit
Reporter: Ben Murdoch <benm>
Component: WebCore Misc.
Assignee: Ben Murdoch <benm>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, steveblock
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5

Ben Murdoch
Reported 2010-11-24 04:46:47 PST
We can early out in the JavaClassV8 constructor if the JVM is unable to load the class. However this leaves m_name uninitialised which is then used in a call to free() in the destructor. Patch to follow.
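The constructor/destructor pattern the report describes, shown as an added illustration rather than the WebKit patch itself; `jvmCanLoadClass` and both class names are hypothetical stand-ins for the JNI lookup in JavaClassV8.cpp:

```cpp
#include <cstdlib>
#include <cstring>

// Stand-in for the JVM class lookup the bug refers to (hypothetical helper):
// returns false when the class cannot be loaded.
static bool jvmCanLoadClass(const char* name, bool jvmAvailable)
{
    return jvmAvailable && name && *name;
}

// Pattern from the bug report: the constructor early-outs before m_name is
// assigned, so the destructor hands an indeterminate pointer to free().
// Kept only to show the defect; it is never constructed with jvmAvailable == false here.
class JavaClassBroken {
public:
    JavaClassBroken(const char* name, bool jvmAvailable)
    {
        if (!jvmCanLoadClass(name, jvmAvailable))
            return;                 // m_name left uninitialised
        m_name = strdup(name);
    }
    ~JavaClassBroken() { free(m_name); }   // garbage pointer on the early-out path
private:
    char* m_name;
};

// Fixed pattern: m_name gets a deterministic value before any early return,
// so free() sees either a valid allocation or nullptr (a guaranteed no-op).
class JavaClassFixed {
public:
    JavaClassFixed(const char* name, bool jvmAvailable)
        : m_name(nullptr)
    {
        if (!jvmCanLoadClass(name, jvmAvailable))
            return;                 // safe: m_name is nullptr
        m_name = strdup(name);
    }
    ~JavaClassFixed() { free(m_name); }
    bool loaded() const { return m_name != nullptr; }
private:
    char* m_name;
};

// Construct and destroy a JavaClassFixed on either path; returns whether it loaded.
bool constructAndDestroy(const char* name, bool jvmAvailable)
{
    JavaClassFixed cls(name, jvmAvailable);
    return cls.loaded();
}
```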
Attachments
Patch. (2.24 KB, patch)
2010-11-25 05:56 PST, Ben Murdoch
no flags
Patch (no tabs). (2.25 KB, patch)
2010-11-25 05:57 PST, Ben Murdoch
no flags
Ben Murdoch
Comment 1 2010-11-25 05:56:22 PST
Ben Murdoch
Comment 2 2010-11-25 05:57:53 PST
Created attachment 74866 [details] Patch (no tabs).
Steve Block
Comment 3 2010-11-25 07:02:13 PST
Comment on attachment 74866 [details] Patch (no tabs). r=me
WebKit Commit Bot
Comment 4 2010-11-25 09:03:42 PST
The commit-queue encountered the following flaky tests while processing attachment 74866 [details]:
compositing/iframes/overlapped-nested-iframes.html
inspector/elements-panel-xhtml-structure.xhtml
Please file bugs against the tests. These tests were authored by apavlov@chromium.org, pfeldman@chromium.org, and simon.fraser@apple.com. The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 5 2010-11-25 10:36:35 PST
Comment on attachment 74866 [details] Patch (no tabs).
Clearing flags on attachment: 74866
Committed r72740: <http://trac.webkit.org/changeset/72740>
WebKit Commit Bot
Comment 6 2010-11-25 10:36:40 PST
All reviewed patches have been landed. Closing bug.