Bug 95859

Summary:

[BlackBerry] JavaScriptVariant can crash when operator= is called with itself

Product:

WebKit

Reporter:

Benjamin Meyer <ben>

Component:

WebKit BlackBerry

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

mifenton, tonikitoo, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

Other

OS:

Other

Attachments:

Description	Flags
patch	none

Benjamin Meyer

Reported 2012-09-05 08:39:28 PDT

When JavaScriptVariant contains a string and operator= is called with itself the memory will be free'd in 'this' and then a copy will be attempted from 'that' resulting in a crash.

Attachments
patch (1.73 KB, patch) 2012-09-05 08:55 PDT, Benjamin Meyer	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Benjamin Meyer

Comment 1 2012-09-05 08:55:38 PDT

Created attachment 162261 [details] patch

WebKit Review Bot

Comment 2 2012-09-05 13:58:31 PDT

Comment on attachment 162261 [details] patch Clearing flags on attachment: 162261 Committed r127644: <http://trac.webkit.org/changeset/127644>

WebKit Review Bot

Comment 3 2012-09-05 13:58:34 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.