63885 – Null deref accessing CustomEvent.detail

RESOLVED FIXED 63885

Null deref accessing CustomEvent.detail

https://bugs.webkit.org/show_bug.cgi?id=63885

Summary Null deref accessing CustomEvent.detail

Sam Weinig

Reported 2011-07-03 20:21:09 PDT

The ScriptValue m_detail in the CustomEvent class is initialized to null (rather than jsNull()) which can lead to a null deref if it is access before calling initCustomEvent. javascript:alert(document.createEvent("CustomEvent").detail) should do the trick.

Attachments
Patch (2.92 KB, patch) 2011-07-05 13:07 PDT, Sam Weinig	andersca: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2011-07-03 23:34:06 PDT

It does, it does! Repro crash -> P1

Sam Weinig

Comment 2 2011-07-05 13:07:48 PDT

Created attachment 99737 [details] Patch

Sam Weinig

Comment 3 2011-07-05 13:09:42 PDT

<rdar://problem/9724577>

Sam Weinig

Comment 4 2011-07-05 13:51:12 PDT

Committed r90405: <http://trac.webkit.org/changeset/90405>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component DOM

Assignee

Sam Weinig

Reported

2011-07-03 20:21 PDT

Modified

2011-07-05 13:51 PDT History

CC List

0 users

URL

Keywords EasyFix, InRadar

Depends on

Blocks