131137 – Crash when a function is constructed with the string "})({"

RESOLVED CONFIGURATION CHANGED 131137

Crash when a function is constructed with the string "})({"

https://bugs.webkit.org/show_bug.cgi?id=131137

Summary Crash when a function is constructed with the string "})({"

webkit-bugs

Reported 2014-04-02 16:17:20 PDT

Created attachment 228440 [details] A simple page that will crash the Safari web process. When using the Function constructor to create a function with the string "})({", the invoking process will crash. When using a string such as "})str({", an error is thrown instead. Changing it to "});str({" will again cause a crash.

Attachments
A simple page that will crash the Safari web process. (58 bytes, text/plain) 2014-04-02 16:17 PDT, webkit-bugs	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Mark S. Miller

Comment 1 2014-08-14 14:18:34 PDT

Is this a duplicate of https://bugs.webkit.org/show_bug.cgi?id=106160 ?

Mark S. Miller

Comment 2 2014-08-14 14:49:30 PDT

See also https://groups.google.com/forum/#!topic/google-caja-discuss/KWRNYko_pQo

Mark S. Miller

Comment 3 2021-05-07 12:49:57 PDT

This is apparently a dup of a closed bug, as explained in a previous message. Should this be closed?

Alexey Proskuryakov

Comment 4 2022-07-15 17:35:09 PDT

The test is gone, so one way or another, there is nothing to do.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution CONFIGURATION CHANGED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Mac

OS OS X 10.9

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2014-04-02 16:17 PDT

Modified

2022-07-15 17:35 PDT History

CC List

4 users Show

URL

Keywords

Depends on

Blocks