Bug 63885 - Null deref accessing CustomEvent.detail
Summary: Null deref accessing CustomEvent.detail
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Normal
Assignee: Sam Weinig
Keywords: EasyFix, InRadar
Depends on:
Reported: 2011-07-03 20:21 PDT by Sam Weinig
Modified: 2011-07-05 13:51 PDT

See Also:

Patch (2.92 KB, patch)
2011-07-05 13:07 PDT, Sam Weinig
andersca: review+

Description Sam Weinig 2011-07-03 20:21:09 PDT
The ScriptValue m_detail in the CustomEvent class is initialized to null (rather than jsNull()), which can lead to a null deref if it is accessed before calling initCustomEvent.

javascript:alert(document.createEvent("CustomEvent").detail) should do the trick.
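To make the distinction in the report concrete, here is an added, deliberately simplified C++ model (not WebKit's code; every name other than m_detail, initCustomEvent and jsNull is an assumption) of an empty ScriptValue versus one that starts out holding jsNull(), and why only the latter makes the detail getter safe before initCustomEvent has run:

```cpp
#include <cassert>

// Stand-in for a JS engine value cell (assumption: a tiny tagged struct).
struct JSCell {
    enum Kind { Null, Number } kind;
    double number;
};

static JSCell nullCell{JSCell::Null, 0.0};
JSCell* jsNull() { return &nullCell; }   // the engine's canonical JS null

// Stand-in for ScriptValue: a handle that may also be *empty* (no value at all).
class ScriptValue {
public:
    ScriptValue() : m_cell(nullptr) {}                    // empty handle
    explicit ScriptValue(JSCell* cell) : m_cell(cell) {}
    bool hasNoValue() const { return m_cell == nullptr; }
    // Unchecked accessor: dereferencing an empty handle is the null deref.
    JSCell& jsValue() const { return *m_cell; }
private:
    JSCell* m_cell;
};

// Before the fix: m_detail is default-constructed, i.e. empty, not JS null.
class CustomEventBefore {
public:
    bool hasDetailValue() const { return !m_detail.hasNoValue(); }
    void initCustomEvent(ScriptValue detail) { m_detail = detail; }
    JSCell& detail() const { return m_detail.jsValue(); }  // unsafe until init
private:
    ScriptValue m_detail;
};

// After the fix: m_detail starts as jsNull(), so detail() always has a cell.
class CustomEventAfter {
public:
    CustomEventAfter() : m_detail(jsNull()) {}
    bool hasDetailValue() const { return !m_detail.hasNoValue(); }
    void initCustomEvent(ScriptValue detail) { m_detail = detail; }
    JSCell& detail() const { return m_detail.jsValue(); }  // safe before init
private:
    ScriptValue m_detail;
};
```

Reading detail() on CustomEventBefore without a prior initCustomEvent call is exactly the crash the reporter describes, so the model only checks whether a value is present there rather than dereferencing it.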
Comment 1 Alexey Proskuryakov 2011-07-03 23:34:06 PDT
It does, it does! Repro crash -> P1
Comment 2 Sam Weinig 2011-07-05 13:07:48 PDT
Created attachment 99737
Comment 3 Sam Weinig 2011-07-05 13:09:42 PDT
Comment 4 Sam Weinig 2011-07-05 13:51:12 PDT
Committed r90405: <http://trac.webkit.org/changeset/90405>