43549 – cross_fuzz: setTimeout/postMessage NULL pointer

RESOLVED DUPLICATE of bug 45882 Bug 43549

cross_fuzz: setTimeout/postMessage NULL pointer

https://bugs.webkit.org/show_bug.cgi?id=43549

Summary cross_fuzz: setTimeout/postMessage NULL pointer

Berend-Jan Wever

Reported 2010-08-05 03:05:53 PDT

Created attachment 63569 [details] Repro When using the postMessage functions as an argument to the setTimeout/setInterval functions, it gets called without any arguments or "this" object. This is not handled gracefully and causes a NULL deref and subsequent crash: <script> setTimeout(window.postMessage); </script> id: WebCore::Frame::domWindow ReadAV@NULL (f8cd71f24fff11a7dbb6a39e738fe929) description: Attempt to read from NULL pointer (+0x330) in WebCore::Frame::domWindow stack: WebCore::Frame::domWindow WebCore::V8DOMWindow::postMessageCallback v8::internal::HandleApiCallHelper<...> v8::internal::Builtin_HandleApiCall v8::internal::Invoke v8::internal::Execution::Call ...

Attachments
Repro (50 bytes, text/html) 2010-08-05 03:05 PDT, Berend-Jan Wever	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Berend-Jan Wever

Comment 1 2011-02-17 04:04:17 PST

*** This bug has been marked as a duplicate of bug 45882 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 45882

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows Vista

Product WebKit

Component DOM

Assignee

Nobody

Reported

2010-08-05 03:05 PDT

Modified

2011-02-17 04:04 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks