[Webkit-unassigned] [Bug 25567] Crash when writing into a detached TITLE element
bugzilla-daemon at webkit.org
Wed Mar 10 00:55:28 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=25567
SkyLined <skylined at chromium.org> changed:
What  |Removed             |Added
----------------------------------------------------------------------------
Group |Security-Sensitive  |
--- Comment #8 from SkyLined <skylined at chromium.org> 2010-03-10 00:55:28 PST ---
The stack I reported earlier (which seemed to suggest memory corruption) is
probably misleading because I used bad symbols - the offsets in the functions
are too large for a decent stack.
So, I loaded the repro in Chrome 100 times to see what crashes I got: 100 hits
for the NULL pointer. I think it's safe to say that this is a reliable crash
and not exploitable, so I am removing the security label.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.