95859 – [BlackBerry] JavaScriptVariant can crash when operator= is called with itself

Bug 95859 - [BlackBerry] JavaScriptVariant can crash when operator= is called with itself

Summary: [BlackBerry] JavaScriptVariant can crash when operator= is called with itself

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit BlackBerry (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Other Other

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-09-05 08:39 PDT by Benjamin Meyer
Modified:	2012-09-05 13:58 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
patch (1.73 KB, patch) 2012-09-05 08:55 PDT, Benjamin Meyer	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Benjamin Meyer 2012-09-05 08:39:28 PDT

When JavaScriptVariant contains a string and operator= is called with itself the memory will be free'd in 'this' and then a copy will be attempted from 'that' resulting in a crash.

Comment 1 Benjamin Meyer 2012-09-05 08:55:38 PDT

Created attachment 162261 [details]
patch

Comment 2 WebKit Review Bot 2012-09-05 13:58:31 PDT

Comment on attachment 162261 [details]
patch

Clearing flags on attachment: 162261

Committed r127644: <http://trac.webkit.org/changeset/127644>

Comment 3 WebKit Review Bot 2012-09-05 13:58:34 PDT

All reviewed patches have been landed.  Closing bug.