Bug 95859

Summary: [BlackBerry] JavaScriptVariant can crash when operator= is called with itself
Product: WebKit
Reporter: Benjamin Meyer <ben>
Component: WebKit BlackBerry
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mifenton, tonikitoo, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Other
OS: Other
Attachments:
Description: patch, Flags: none

Description Benjamin Meyer 2012-09-05 08:39:28 PDT
When JavaScriptVariant contains a string and operator= is called with itself, the memory will be freed in 'this' and then a copy will be attempted from 'that', resulting in a crash.
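The self-assignment hazard described in this report, as an added C++ example that is not part of the bug report and is neither the JavaScriptVariant source nor the committed patch. `UnsafeVariant`, `SafeVariant` and `copyString` are hypothetical names, and copy-before-free is one common fix, assumed here because the patch itself is not shown on this page.

```cpp
#include <cstdlib>
#include <cstring>
// Hypothetical stand-in classes (assumed names, not the JavaScriptVariant source).
static char* copyString(const char* s) {
    if (!s) return nullptr;
    std::size_t n = std::strlen(s) + 1;
    char* out = static_cast<char*>(std::malloc(n));
    if (out) std::memcpy(out, s, n);
    return out;
}
class UnsafeVariant {
public:
    explicit UnsafeVariant(const char* s) : m_string(copyString(s)) {}
    UnsafeVariant(const UnsafeVariant& o) : m_string(copyString(o.m_string)) {}
    ~UnsafeVariant() { std::free(m_string); }
    // Pattern from the report: free 'this' first, then copy from 'that'.
    // When &that == this, that.m_string is already freed when it is read.
    UnsafeVariant& operator=(const UnsafeVariant& that) {
        std::free(m_string);
        m_string = copyString(that.m_string);
        return *this;
    }
private:
    char* m_string;
};

class SafeVariant {
public:
    explicit SafeVariant(const char* s) : m_string(copyString(s)) {}
    SafeVariant(const SafeVariant& o) : m_string(copyString(o.m_string)) {}
    ~SafeVariant() { std::free(m_string); }
    // Copy before releasing, so 'that' is still valid even if it is 'this'.
    SafeVariant& operator=(const SafeVariant& that) {
        char* copy = copyString(that.m_string);
        std::free(m_string);
        m_string = copy;
        return *this;
    }
    const char* string() const { return m_string; }
private:
    char* m_string;
};
// Self-assignment through an alias must leave the stored string intact.
bool selfAssignKeepsValue() {
    SafeVariant v("hello");
    SafeVariant& alias = v;  // same object reached through a second name
    v = alias;
    return v.string() && std::strcmp(v.string(), "hello") == 0;
}
int main() { return selfAssignKeepsValue() ? 0 : 1; }
```

Building with AddressSanitizer (`-fsanitize=address`) and self-assigning an `UnsafeVariant` reports the read of freed memory deterministically, where a plain build may or may not crash.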
Comment 1 Benjamin Meyer 2012-09-05 08:55:38 PDT
Created attachment 162261 [details]
patch
Comment 2 WebKit Review Bot 2012-09-05 13:58:31 PDT
Comment on attachment 162261 [details]
patch

Clearing flags on attachment: 162261

Committed r127644: <http://trac.webkit.org/changeset/127644>
Comment 3 WebKit Review Bot 2012-09-05 13:58:34 PDT
All reviewed patches have been landed.  Closing bug.