159828 – FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.

RESOLVED FIXED 159828

FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.

https://bugs.webkit.org/show_bug.cgi?id=159828

Summary FunctionOverride's parseClause() needs to keep the CString instance in scope ...

Mark Lam

Reported 2016-07-15 13:52:43 PDT

Otherwise, we'll have a use after free.

Attachments
proposed patch. (1.42 KB, patch) 2016-07-15 13:56 PDT, Mark Lam	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2016-07-15 13:56:43 PDT

WebKit Commit Bot

Comment 2 2016-07-15 14:17:51 PDT

Comment on attachment 283788 [details] proposed patch. Clearing flags on attachment: 283788 Committed r203299: <http://trac.webkit.org/changeset/203299>

WebKit Commit Bot

Comment 3 2016-07-15 14:17:55 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2016-07-15 13:52 PDT

Modified

2016-07-15 14:17 PDT History

CC List

4 users Show

URL

Keywords

Depends on

Blocks