Bug 63885

Summary: Null deref accessing CustomEvent.detail
Product: WebKit
Reporter: Sam Weinig <sam>
Component: DOM
Assignee: Sam Weinig <sam>
Status: RESOLVED FIXED
Severity: Normal
Keywords: EasyFix, InRadar
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch andersca: review+

Sam Weinig
Reported 2011-07-03 20:21:09 PDT
The ScriptValue m_detail in the CustomEvent class is initialized to null (rather than jsNull()), which can lead to a null deref if it is accessed before calling initCustomEvent. javascript:alert(document.createEvent("CustomEvent").detail) should do the trick.
Attachments
Patch (2.92 KB, patch)
2011-07-05 13:07 PDT, Sam Weinig
andersca: review+
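
A simplified C++ model of the defect described in the report, added here as an illustration; it is not WebKit code and not the attached patch. Value, jsNullModel, ScriptValueModel, CustomEventBefore, CustomEventAfter and detailToString are hypothetical names; only m_detail, initCustomEvent and the null-versus-jsNull() distinction come from the report.

```cpp
#include <cstdio>
#include <string>

// Simplified stand-in for an engine value; not WebKit's JSValue.
struct Value {
    enum Kind { Null, Number } kind;
    double number;
    std::string toString() const { return kind == Null ? "null" : std::to_string(number); }
};

// Shared "JavaScript null" value, the role jsNull() plays in the report.
static Value* jsNullModel() { static Value v{Value::Null, 0.0}; return &v; }

// Wrapper in the spirit of ScriptValue: default construction holds no value at all.
struct ScriptValueModel {
    Value* value;
    ScriptValueModel() : value(nullptr) {}
    explicit ScriptValueModel(Value* v) : value(v) {}
};

// Before: m_detail stays empty until initCustomEvent() runs.
struct CustomEventBefore {
    ScriptValueModel m_detail;
    void initCustomEvent(Value* d) { m_detail = ScriptValueModel(d); }
};

// After: m_detail starts out as JS null, so an early read is well defined.
struct CustomEventAfter {
    ScriptValueModel m_detail;
    CustomEventAfter() : m_detail(jsNullModel()) {}
    void initCustomEvent(Value* d) { m_detail = ScriptValueModel(d); }
};

// Getter model: the guard marks the spot where an unguarded caller would
// dereference the null pointer. Returns false instead of crashing.
bool detailToString(const ScriptValueModel& d, std::string& out) {
    if (!d.value) return false;
    out = d.value->toString();
    return true;
}

int main() {
    std::string s;
    std::printf("before: %s\n", detailToString(CustomEventBefore().m_detail, s) ? s.c_str() : "<no value>");
    std::printf("after:  %s\n", detailToString(CustomEventAfter().m_detail, s) ? s.c_str() : "<no value>");
}
```

A regression check for this class of bug reads the attribute on a freshly created event, before any init call, and expects JS null.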
Alexey Proskuryakov
Comment 1 2011-07-03 23:34:06 PDT
It does, it does! Repro crash -> P1
Sam Weinig
Comment 2 2011-07-05 13:07:48 PDT
Sam Weinig
Comment 3 2011-07-05 13:09:42 PDT
Sam Weinig
Comment 4 2011-07-05 13:51:12 PDT