Bug 75260 - Null name for host function can result in dereference of uninitialized memory
Summary: Null name for host function can result in dereference of uninitialized memory
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Gavin Barraclough
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-27 10:48 PST by Gavin Barraclough
Modified: 2011-12-27 14:09 PST

See Also:


Attachments
Fix (4.14 KB, patch)
2011-12-27 10:59 PST, Gavin Barraclough
fpizlo: review+

Description Gavin Barraclough 2011-12-27 10:48:47 PST
This is a recent regression in ToT: if the name passed to finishCreation of a host function is null, we are currently skipping the putDirect, which leaves memory uninitialized.
This patch reverts the aspect of the change that introduced the issue.  It might be better if functions that don't have a name don't have this property at all, but that change should be separate from fixing the bug.
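The failure mode described in the report, shown as an added illustration in C++ that is not WebKit's code: a host function object whose property storage reserves a slot for "name", a finishCreation that only writes that slot when a name is supplied (so a null name leaves the slot holding whatever was there before), and the corrected version that always writes the slot. The struct, the sentinel string standing in for uninitialized storage, and the function names are all constructed for this example; real uninitialized memory is modelled by a pre-filled marker value so the program stays well defined.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Constructed sentinel: stands in for "whatever bytes were already in the slot",
// so that reading an unwritten slot is observable without invoking undefined behaviour.
static const std::string kGarbage = "<uninitialized>";

// Hypothetical stand-in for a JS function object's inline property storage.
// Slot 0 is reserved for the "name" property, mirroring the putDirect the bug describes.
struct HostFunction {
    std::vector<std::string> slots;
    HostFunction() : slots(1, kGarbage) {}   // storage is allocated but not yet written
};

// Buggy variant (the regression): the putDirect analogue is skipped for a null name,
// so slot 0 is never initialized and a later read of "name" sees garbage.
void finishCreationBuggy(HostFunction& fn, const char* name) {
    if (name)
        fn.slots[0] = name;
}

// Fixed variant (what the revert restores): the slot is always written, with the
// empty string used when no name was supplied.
void finishCreationFixed(HostFunction& fn, const char* name) {
    fn.slots[0] = name ? std::string(name) : std::string();
}

// Helpers so the two behaviours can be compared on the same inputs.
std::string nameAfterBuggy(const char* name) {
    HostFunction fn;
    finishCreationBuggy(fn, name);
    return fn.slots[0];
}

std::string nameAfterFixed(const char* name) {
    HostFunction fn;
    finishCreationFixed(fn, name);
    return fn.slots[0];
}

bool slotIsInitialized(const std::string& value) {
    return value != kGarbage;
}

int main() {
    std::printf("buggy, named:   %s\n", nameAfterBuggy("hostFn").c_str());
    std::printf("buggy, null:    %s\n", nameAfterBuggy(nullptr).c_str());
    std::printf("fixed, named:   %s\n", nameAfterFixed("hostFn").c_str());
    std::printf("fixed, null:    \"%s\"\n", nameAfterFixed(nullptr).c_str());
    return 0;
}
```

The named case behaves identically in both variants, which is why the regression is easy to miss in ordinary testing; only the null-name path diverges, and in the buggy variant the slot's content is whatever the allocator left behind.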
Comment 1 Gavin Barraclough 2011-12-27 10:59:25 PST
Created attachment 120606 [details]
Fix
Comment 2 Gavin Barraclough 2011-12-27 11:03:05 PST
<rdar://problem/10628279>
Comment 3 Gavin Barraclough 2011-12-27 14:09:46 PST
Fixed in r103728