[Webkit-unassigned] [Bug 52514] New: [jsfunfuzz] Assertion in exception handling

Sat Jan 15 11:58:13 PST 2011

https://bugs.webkit.org/show_bug.cgi?id=52514

           Summary: [jsfunfuzz] Assertion in exception handling
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: oliver at apple.com
                CC: ggaren at apple.com, jruderman at gmail.com,
                    barraclough at apple.com
            Blocks: 13638

Testcase reduced to

tryItOut("(\"\")()")
tryItOut("\"use strict\";(x-(eval=u))")

Assertion implies completely bogus exception address.  We handle this but i've seen assertions like this sufficiently frequently to believe that some opcode is doing the wrong thing wrt to exceptions, so i'm marking as security until proven otherwise.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.