Bug 64155

Summary: Web Inspector: typing undefined = 1 in console crashes browser
Product: WebKit
Reporter: Yury Semikhatsky <yurys>
Component: Web Inspector (Deprecated)
Assignee: Yury Semikhatsky <yurys>
Status: RESOLVED FIXED
Severity: Normal
CC: apavlov, bweinstein, joepeck, keishi, loislo, pfeldman, pmuellr, rik, timothy, yurys
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch pfeldman: review+

Yury Semikhatsky
Reported 2011-07-08 02:23:59 PDT
What steps will reproduce the problem?
1. Open the JavaScript console (Ctrl-Shift-J)
2. Type "undefined = this" without the quotes
3. Type "undefined = 1" without the quotes

Original Chromium bug: crbug.com/88414
Attachments
Patch (5.78 KB, patch)
2011-07-08 02:54 PDT, Yury Semikhatsky
pfeldman: review+
Yury Semikhatsky
Comment 1 2011-07-08 02:41:36 PDT
It is not necessarily undefined=this; right hand side value may be any object with cyclic reference, so the steps could be changed to:
1. Open the JavaScript console (Ctrl-Shift-J)
2. Type "var x = {a:1}; x.self = x; undefined = x;" without the quotes
3. Type "unknownVar" without the quotes
Yury Semikhatsky
Comment 2 2011-07-08 02:54:32 PDT
Pavel Feldman
Comment 3 2011-07-08 03:10:05 PDT
Comment on attachment 100098 [details]
Patch

How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file?
Alexander Pavlov (apavlov)
Comment 4 2011-07-08 03:12:52 PDT
Comment on attachment 100098 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=100098&action=review

> Source/WebCore/inspector/InjectedScriptSource.js:456
> + // Avoid explicit assignment to undefined as its value can be overriden (see crbug.com/88414).

..overridden..
Yury Semikhatsky
Comment 5 2011-07-08 03:13:30 PDT
Yury Semikhatsky
Comment 6 2011-07-08 03:14:42 PDT
(In reply to comment #3)
> (From update of attachment 100098 [details])
> How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file?

I don't see a good way to achieve this without affecting the application that decided to modify undefined value.
Yury Semikhatsky
Comment 7 2011-07-08 03:16:01 PDT
(In reply to comment #6)
> (In reply to comment #3)
> > (From update of attachment 100098 [details] [details])
> > How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file?
>
> I don't see a good way to achieve this without affecting the application that decided to modify undefined value.

We could emulate worst-case conditions in all tests (override JSON object, undefined value and whatever we need).
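An added example, not part of the original thread or the WebKit patch: one way to emulate the worst-case condition suggested in comment 7, by running helper code with the identifier `undefined` rebound and comparing its serialized output against a clean baseline. The descriptor shape and the names `naiveSource`, `hardenedSource`, `run`, `serialize` and `auditSource` are assumptions made for illustration.

```javascript
// Model of an inspector-side helper that clears a field on a result descriptor.
// Naive form reads the identifier `undefined`, whatever it is bound to.
const naiveSource = `
  var d = { wasThrown: true, type: "object", value: "stale" };
  d.value = undefined;
  return d;`;

// Hardened form never reads the identifier: `delete` removes the field and
// `void 0` is an operator, so page code cannot rebind it.
const hardenedSource = `
  var d = { wasThrown: true, type: "object", value: "stale" };
  delete d.value;
  return d.value === void 0 ? d : null;`;

// Constructed hostile bindings, modelled on the values in the report's steps.
function hostileValues() {
  const cyclic = { a: 1 };
  cyclic.self = cyclic;
  return { one: 1, cyclic: cyclic };
}

// Compile the body with `undefined` as a parameter so the test controls its value.
function run(source, boundUndefined) {
  return new Function("undefined", source)(boundUndefined);
}

// Serialize as a backend would before handing the descriptor to the frontend.
function serialize(descriptor) {
  try {
    return { ok: true, json: JSON.stringify(descriptor) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Return the names of hostile bindings under which output differs from baseline.
function auditSource(source) {
  const baseline = serialize(run(source, void 0)).json;
  const hostile = hostileValues();
  return Object.keys(hostile).filter(function (name) {
    const out = serialize(run(source, hostile[name]));
    return !out.ok || out.json !== baseline;
  });
}

console.log("naive fails under:", auditSource(naiveSource));
console.log("hardened fails under:", auditSource(hardenedSource));
```

With `undefined` bound to `1` the naive helper leaks the wrong value into the descriptor; with the cyclic object, serialization fails outright.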