Changeset 127644 in webkit


Timestamp: Sep 5, 2012 1:58:54 PM (12 years ago)
Author: commit-queue@webkit.org
Message:

[BlackBerry] JavaScriptVariant can crash when operator= is called with itself
https://bugs.webkit.org/show_bug.cgi?id=95859

Patch by Benjamin C Meyer <bmeyer@rim.com> on 2012-09-05
Reviewed by George Staikos.

  • Api/JavaScriptVariant.cpp:

(BlackBerry::WebKit::JavaScriptVariant::operator=):
When JavaScriptVariant contains a string and operator= is
called with itself, the memory will be freed in 'this' and
then a copy will be attempted from 'that', resulting in a crash.

Location: trunk/Source/WebKit/blackberry
Files: 2 edited

  • trunk/Source/WebKit/blackberry/Api/JavaScriptVariant.cpp

    r125324 r127644  
    148148JavaScriptVariant& JavaScriptVariant::operator=(const JavaScriptVariant& v)
    149149{
     150    if (&v == this)
     151        return *this;
     152
    150153    switch (v.type()) {
    151154    case Boolean:
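
Review bot: The `&v == this` early return at the top of operator= has no test behind it: the changeset touches only JavaScriptVariant.cpp and the ChangeLog. Please add a test that assigns a String-typed JavaScriptVariant to itself and checks that the value is intact afterwards. Since the commit message says the string path frees the memory in 'this' before copying from the argument, also consider taking the copy of `v`'s data before releasing the old buffer, so the operator stays correct without relying on the identity check.
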
  • trunk/Source/WebKit/blackberry/ChangeLog

    r127628 r127644  
     12012-09-05  Benjamin C Meyer  <bmeyer@rim.com>
     2
     3        [BlackBerry] JavaScriptVariant can crash when operator= is called with itself
     4        https://bugs.webkit.org/show_bug.cgi?id=95859
     5
     6        Reviewed by George Staikos.
     7
     8        * Api/JavaScriptVariant.cpp:
     9        (BlackBerry::WebKit::JavaScriptVariant::operator=):
     10        When JavaScriptVariant contains a string and operator= is
     11        called with itself the memory will be free'd in 'this' and
     12        then a copy will be attempted from 'that' resulting in a crash.
     13
    1142012-09-05  Leo Yang  <leoyang@rim.com>
    215
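
Review bot: The ChangeLog entry at lines 10-12 describes the crash but not the change made, and it calls the argument 'that' while the signature in JavaScriptVariant.cpp names it `v`. Add a sentence stating that operator= now returns `*this` early when `&v == this`, and refer to the parameter by its actual name.
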