131137 – Crash when a function is constructed with the string "})({"

Bug 131137 - Crash when a function is constructed with the string "})({"

Summary: Crash when a function is constructed with the string "})({"

Status:	RESOLVED CONFIGURATION CHANGED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac OS X 10.9

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-02 16:17 PDT by webkit-bugs
Modified:	2022-07-15 17:35 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
A simple page that will crash the Safari web process. (58 bytes, text/plain) 2014-04-02 16:17 PDT, webkit-bugs	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description webkit-bugs 2014-04-02 16:17:20 PDT

Created attachment 228440 [details]
A simple page that will crash the Safari web process.

When using the Function constructor to create a function with the string "})({", the invoking process will crash.  When using a string such as "})str({", an error is thrown instead. Changing it to  "});str({" will again cause a crash.

Comment 1 Mark S. Miller 2014-08-14 14:18:34 PDT

Is this a duplicate of https://bugs.webkit.org/show_bug.cgi?id=106160 ?

Comment 2 Mark S. Miller 2014-08-14 14:49:30 PDT

See also https://groups.google.com/forum/#!topic/google-caja-discuss/KWRNYko_pQo

Comment 3 Mark S. Miller 2021-05-07 12:49:57 PDT

This is apparently a dup of a closed bug, as explained in a previous message. Should this be closed?

Comment 4 Alexey Proskuryakov 2022-07-15 17:35:09 PDT

The test is gone, so one way or another, there is nothing to do.