Title: [203299] trunk/Source/_javascript_Core
- Revision
- 203299
- Author
- [email protected]
- Date
- 2016-07-15 14:17:01 -0700 (Fri, 15 Jul 2016)
Log Message
FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.
https://bugs.webkit.org/show_bug.cgi?id=159828
Reviewed by Saam Barati.
Otherwise, we'll have a use after free. This issue was caught when running an
ASan debug build of testapi.
* tools/FunctionOverrides.cpp:
(JSC::parseClause):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (203298 => 203299)
--- trunk/Source/_javascript_Core/ChangeLog 2016-07-15 21:01:45 UTC (rev 203298)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-07-15 21:17:01 UTC (rev 203299)
@@ -1,3 +1,16 @@
+2016-07-15 Mark Lam <[email protected]>
+
+ FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.
+ https://bugs.webkit.org/show_bug.cgi?id=159828
+
+ Reviewed by Saam Barati.
+
+ Otherwise, we'll have a use after free. This issue was caught when running an
+ ASan debug build of testapi.
+
+ * tools/FunctionOverrides.cpp:
+ (JSC::parseClause):
+
2016-07-15 Keith Miller <[email protected]>
%TypedArray%.prototype.indexOf is coercing non-integers or non-floats to numbers wrongly
Modified: trunk/Source/_javascript_Core/tools/FunctionOverrides.cpp (203298 => 203299)
--- trunk/Source/_javascript_Core/tools/FunctionOverrides.cpp 2016-07-15 21:01:45 UTC (rev 203298)
+++ trunk/Source/_javascript_Core/tools/FunctionOverrides.cpp 2016-07-15 21:17:01 UTC (rev 203299)
@@ -205,7 +205,8 @@
terminatorString.append("}");
terminatorString.append(delimiter);
- const char* terminator = terminatorString.ascii().data();
+ CString terminatorCString = terminatorString.ascii();
+ const char* terminator = terminatorCString.data();
line = delimiterEnd; // Start from the {.
StringBuilder builder;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
