[Webkit-unassigned] [Bug 48485] Crash in Function.prototype.call.apply
bugzilla-daemon at webkit.org
Wed Nov 3 14:16:37 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=48485
--- Comment #5 from Oliver Hunt <oliver at apple.com> 2010-11-03 14:16:37 PST ---
I don't see any error in load_varargs; I see the badness in call_varargs. The callframe register is extended to include the registerOffset, but loadvarargs has not bounds-checked that extension, only the space for arguments.