Bug 75260

Summary: Null name for host function can result in dereference of uninitialized memory
Product: WebKit
Reporter: Gavin Barraclough <barraclough>
Component: JavaScriptCore
Assignee: Gavin Barraclough <barraclough>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Fix (flags: fpizlo: review+)

Description Gavin Barraclough 2011-12-27 10:48:47 PST
This is a recent regression in ToT: if the name passed to finishCreation of a host function is null, we are currently skipping the putDirect, which leaves memory uninitialized.
This patch reverts the aspect of the change that introduced the issue.  It might be better if functions that don't have a name don't have this property at all, but that change should be separate from fixing the bug.
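The failure mode described in the report, as an added C++ model that is not WebKit or JavaScriptCore code: a cell reserves a property slot at creation time, the regressed finishCreation only calls putDirect when the name is non-null, and the fixed variant always writes the slot. Only the names finishCreation and putDirect come from the bug text; the HostFunctionCell layout, the poison fill that stands in for stale heap bytes, and the helper names finishCreationBuggy, finishCreationFixed, nameSlotIsUninitialised, leavesNameUninitialised and fixedNameFor are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Illustrative model only (not JSC's real object layout): a fixed number of
// property slots reserved when the cell is created, backed by raw storage the
// allocator does not clear.
constexpr std::size_t kSlotCount = 2;
constexpr std::size_t kNameSlot  = 0;
constexpr unsigned char kPoison  = 0xAB;  // debug fill standing in for stale heap bytes

struct Slot {
    const char* value;
};

struct HostFunctionCell {
    Slot slots[kSlotCount];

    HostFunctionCell() {
        // Simulate an allocator handing back dirty memory: nothing here is a valid pointer.
        std::memset(slots, kPoison, sizeof slots);
    }
    void putDirect(std::size_t index, const char* value) { slots[index].value = value; }
    const char* getDirect(std::size_t index) const { return slots[index].value; }
};

// Regressed behaviour (hypothetical name): the put is conditional, so a null
// name leaves slot 0 holding whatever the allocator left there.
void finishCreationBuggy(HostFunctionCell& cell, const char* name) {
    if (name)
        cell.putDirect(kNameSlot, name);
}

// Fixed behaviour (hypothetical name): the reserved slot is always written,
// even when the function has no name.
void finishCreationFixed(HostFunctionCell& cell, const char* name) {
    cell.putDirect(kNameSlot, name ? name : "");
}

// Debug check: does the name slot still hold the poison pattern? Compares the
// raw bytes instead of dereferencing, so it is safe to run on garbage.
bool nameSlotIsUninitialised(const HostFunctionCell& cell) {
    unsigned char expected[sizeof(const char*)];
    std::memset(expected, kPoison, sizeof expected);
    return std::memcmp(&cell.slots[kNameSlot].value, expected, sizeof expected) == 0;
}

// Runs one variant on a fresh cell and reports whether the slot was left dirty.
bool leavesNameUninitialised(bool useFixedVariant, const char* name) {
    HostFunctionCell cell;
    if (useFixedVariant)
        finishCreationFixed(cell, name);
    else
        finishCreationBuggy(cell, name);
    return nameSlotIsUninitialised(cell);
}

// Returns what the fixed variant stores for a given input; the result points at
// a string literal, not into the (destroyed) cell, so it is safe to return.
const char* fixedNameFor(const char* name) {
    HostFunctionCell cell;
    finishCreationFixed(cell, name);
    return cell.getDirect(kNameSlot);
}

int main() {
    std::printf("buggy, null name : uninitialised=%d\n", leavesNameUninitialised(false, nullptr));
    std::printf("buggy, \"f\"      : uninitialised=%d\n", leavesNameUninitialised(false, "f"));
    std::printf("fixed, null name : uninitialised=%d\n", leavesNameUninitialised(true, nullptr));
    std::printf("fixed name slot  : \"%s\"\n", fixedNameFor(nullptr));
    return 0;
}
```

The poison-byte check plays the role that a debug allocator scribble or MemorySanitizer would in a real build: the only reliable way to notice a skipped initialisation is to make the stale contents recognisable, because reading the slot as a pointer is already undefined behaviour.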
Comment 1 Gavin Barraclough 2011-12-27 10:59:25 PST
Created attachment 120606
Fix
Comment 2 Gavin Barraclough 2011-12-27 11:03:05 PST
<rdar://problem/10628279>
Comment 3 Gavin Barraclough 2011-12-27 14:09:46 PST
Fixed in r103728