119281 – GetByVal on Arguments does the wrong size load when checking the Arguments object length

RESOLVED FIXED 119281

GetByVal on Arguments does the wrong size load when checking the Arguments object length

https://bugs.webkit.org/show_bug.cgi?id=119281

Summary GetByVal on Arguments does the wrong size load when checking the Arguments ob...

Mark Hahnenberg

Reported 2013-07-30 15:27:53 PDT

This leads to out of bounds accesses and subsequent crashes. Patch on its way.

Attachments
Patch (4.73 KB, patch) 2013-07-30 15:29 PDT, Mark Hahnenberg	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2013-07-30 15:29:44 PDT

Geoffrey Garen

Comment 2 2013-07-30 15:32:11 PDT

Geoffrey Garen

Comment 3 2013-07-30 15:33:17 PDT

Mark Hahnenberg

Comment 4 2013-07-30 15:40:42 PDT

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Hahnenberg

Reported

2013-07-30 15:27 PDT

Modified

2013-07-30 15:40 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks