95859 – [BlackBerry] JavaScriptVariant can crash when operator= is called with itself

RESOLVED FIXED 95859

[BlackBerry] JavaScriptVariant can crash when operator= is called with itself

https://bugs.webkit.org/show_bug.cgi?id=95859

Summary [BlackBerry] JavaScriptVariant can crash when operator= is called with itself

Benjamin Meyer

Reported 2012-09-05 08:39:28 PDT

When JavaScriptVariant contains a string and operator= is called with itself the memory will be free'd in 'this' and then a copy will be attempted from 'that' resulting in a crash.

Attachments
patch (1.73 KB, patch) 2012-09-05 08:55 PDT, Benjamin Meyer	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Benjamin Meyer

Comment 1 2012-09-05 08:55:38 PDT

Created attachment 162261 [details] patch

WebKit Review Bot

Comment 2 2012-09-05 13:58:31 PDT

Comment on attachment 162261 [details] patch Clearing flags on attachment: 162261 Committed r127644: <http://trac.webkit.org/changeset/127644>

WebKit Review Bot

Comment 3 2012-09-05 13:58:34 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Other

OS Other

Product WebKit

Component WebKit BlackBerry

Assignee

Nobody

Reported

2012-09-05 08:39 PDT

Modified

2012-09-05 13:58 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks