RESOLVED FIXED 169055
REGRESSION(r213222) Possible use after free when setting some string based Options 
https://bugs.webkit.org/show_bug.cgi?id=169055
Summary REGRESSION(r213222) Possible use after free when setting some string based Op...
Michael Saboff
Reported 2017-03-01 14:00:28 PST
Change set r213222 could introduce use after free when setting certain options.
Attachments
Patch (2.33 KB, patch)
2017-03-01 14:08 PST, Michael Saboff 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2017-03-01 14:08:27 PST
Created attachment 303116 [details] Patch
Mark Lam
Comment 2 2017-03-01 14:14:43 PST
Comment on attachment 303116 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303116&action=review r=me > Source/JavaScriptCore/runtime/Options.cpp:110 > + // FIXME: This could leak if this option is set more than once. > + // Given that Options are typically used for testing, this isn't considered to be a problem. Please add a bugzilla URL for this FIXME. > Source/JavaScriptCore/runtime/Options.cpp:253 > + // FIXME: This could leak if this particular option is set more than once. > + // Given that these options are used for testing, this isn't considered to be problem. Ditto: please add a bugzilla URL.
Michael Saboff
Comment 3 2017-03-01 14:27:18 PST
Committed r213242: <http://trac.webkit.org/changeset/213242>
Note You need to log in before you can comment on or make changes to this bug.