[Webkit-unassigned] [Bug 16545] New: KJS::Bindings::Instance type conversions are not safe if multiple language bindings are used
bugzilla-daemon at webkit.org
Thu Dec 20 17:19:49 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16545
Summary: KJS::Bindings::Instance type conversions are not safe if multiple language bindings are used
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: michael.goddard at trolltech.com
If multiple language bindings (Qt, ObjC, JNI etc) are used at the same time,
then there will be RuntimeObjectImps with KJS::Bindings::Instance * that are of
multiple types (e.g. CInstance, QtInstance, JavaInstance).
The type conversion code (JSObject to native object) always assumes that any
RuntimeObjectImp objects are of the same language binding as the conversion
code and can downcast the Instance* to the wrong type, possibly causing crashes
and memory corruption. For example, binding a Qt object to "foo", a Java
object to "bar", and calling a method like "bar.method(foo)" would cast the
QtInstance* for foo to a JavaInstance*.
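The following is an added illustration, not WebKit code: it models the unchecked downcast the report describes with stand-in types (a hypothetical `Instance` base carrying a binding-language tag, `QtInstance`, `JavaInstance`, and a `RuntimeObjectImp` wrapper, all invented here) and shows the check a conversion routine needs before it may treat a wrapper's `Instance*` as its own binding's type. The "foo" (Qt) and "bar" (Java) objects mirror the `bar.method(foo)` scenario above.

```cpp
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-ins for KJS::Bindings::Instance, its per-language
// subclasses and RuntimeObjectImp. Illustration-only types, not WebKit's.
enum class BindingLanguage { C, Qt, Java };

class Instance {
public:
    virtual ~Instance() = default;
    // The tag a checked conversion consults before any downcast.
    virtual BindingLanguage language() const = 0;
};

class QtInstance : public Instance {
public:
    explicit QtInstance(std::string name) : objectName(std::move(name)) {}
    BindingLanguage language() const override { return BindingLanguage::Qt; }
    std::string objectName;
};

class JavaInstance : public Instance {
public:
    explicit JavaInstance(std::string cls) : className(std::move(cls)) {}
    BindingLanguage language() const override { return BindingLanguage::Java; }
    std::string className;
};

// A JS-visible wrapper that owns an Instance of whichever binding created it.
struct RuntimeObjectImp {
    std::unique_ptr<Instance> instance;
};

// The pattern the report describes: the Java binding's conversion assumes every
// RuntimeObjectImp it sees wraps a JavaInstance. Given a wrapper created by the
// Qt binding this is a type confusion; the function is shown only for contrast
// and is never exercised on a Qt object below.
JavaInstance* unsafeToJavaInstance(RuntimeObjectImp* obj) {
    return static_cast<JavaInstance*>(obj->instance.get());
}

// Checked conversion: verify the binding tag first; nullptr means
// "not a Java object", which the caller must handle (e.g. throw a TypeError).
JavaInstance* checkedToJavaInstance(RuntimeObjectImp* obj) {
    Instance* inst = obj ? obj->instance.get() : nullptr;
    if (!inst || inst->language() != BindingLanguage::Java)
        return nullptr;
    return static_cast<JavaInstance*>(inst);
}

// Simulates the Java binding converting the argument of "bar.method(arg)".
// Returns the Java class name it resolved, or "" if the argument was rejected.
std::string javaMethodArgClass(RuntimeObjectImp* arg) {
    JavaInstance* ji = checkedToJavaInstance(arg);
    return ji ? ji->className : std::string();
}

// Scenario from the report: "foo" is bound from Qt, "bar" from Java.
RuntimeObjectImp makeFoo() { return RuntimeObjectImp{std::make_unique<QtInstance>("fooQObject")}; }
RuntimeObjectImp makeBar() { return RuntimeObjectImp{std::make_unique<JavaInstance>("com/example/Bar")}; }

bool checkedConversionRejectsQtObject() {
    RuntimeObjectImp foo = makeFoo();
    return checkedToJavaInstance(&foo) == nullptr && javaMethodArgClass(&foo).empty();
}

bool checkedConversionAcceptsJavaObject() {
    RuntimeObjectImp bar = makeBar();
    return javaMethodArgClass(&bar) == "com/example/Bar";
}

int main() {
    return (checkedConversionRejectsQtObject() && checkedConversionAcceptsJavaObject()) ? 0 : 1;
}
```

The tag check is the cheap version of the fix; where RTTI is available, `dynamic_cast<JavaInstance*>(inst)` gives the same nullptr-on-mismatch behaviour without a hand-maintained enum. Either way the important property is that a wrapper created by one binding can never be silently reinterpreted by another, which is the crash and memory-corruption path the report points at.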