[Webkit-unassigned] [Bug 114450] New: Default Implementation of toString for NPObject shouldn't return NPClass & NPObject address
bugzilla-daemon at webkit.org
Thu Apr 11 09:39:36 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=114450
Summary: Default Implementation of toString for NPObject shouldn't return NPClass & NPObject address
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ArunPrasadR at nds.com
JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;
    // Fallback to default implementation.
    // "%p" writes the raw heap addresses of the NPObject and its NPClass
    // into a string that is handed straight back to script.
    char buf[1024];
    snprintf(buf, sizeof(buf), "NPObject %p, NPClass %p", _object, _object->_class);
    return jsString(exec, buf);
}
In the above toString() default implementation, it leaks the addresses of NPObject & NPClass to JS; it should be something like below:
JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;
    // Fallback to default implementation: a constant string, no addresses.
    return jsString(exec, "NPObject");
}
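As an added regression check (not WebKit code, and not part of the bug report), the function below audits a toString() result for the pointer formats that "%p" produces, so a layout test can assert that the fallback string never carries addresses. It assumes glibc-style "0x..."/"(nil)" output and MSVC-style unprefixed uppercase output; the sample strings are constructed to mimic the two fallbacks above.

```javascript
// "%p" output differs by C runtime: glibc prints "0x7ffd5fbff8c0" (or "(nil)"
// for a null pointer); MSVC prints "000000000223FA40" (uppercase, no prefix,
// full pointer width). Cover both so the check is portable across ports.
const POINTER_PATTERNS = [
  /\b0x[0-9a-fA-F]{6,16}\b/g,             // glibc-style, 0x-prefixed
  /\b(?:[0-9A-F]{16}|[0-9A-F]{8})\b/g,    // MSVC-style 64-/32-bit, no prefix
  /\(nil\)/g,                              // glibc rendering of a null pointer
];

// Return every substring of `text` that looks like a formatted pointer,
// in order of first appearance and without duplicates.
function leakedPointers(text) {
  const found = new Set();
  for (const re of POINTER_PATTERNS) {
    for (const m of text.matchAll(re)) found.add(m[0]);
  }
  return [...found];
}

// Audit one toString() result: ok is true only when no address-like token
// is present. A layout test would call this on String(scriptableObject).
function auditToString(text) {
  const leaks = leakedPointers(text);
  return { ok: leaks.length === 0, leaks };
}

// Constructed samples of what each fallback on the page would return.
const OLD_FALLBACK_GLIBC = "NPObject 0x7f3c5a8b2c40, NPClass 0x7f3c5a1d9f00";
const OLD_FALLBACK_MSVC = "NPObject 000000000223FA40, NPClass 00007FF6B4C12D80";
const NEW_FALLBACK = "NPObject";

for (const s of [OLD_FALLBACK_GLIBC, OLD_FALLBACK_MSVC, NEW_FALLBACK]) {
  const r = auditToString(s);
  console.log(JSON.stringify(s), r.ok ? "ok" : "LEAK: " + r.leaks.join(", "));
}
```

The unprefixed pattern can flag an unrelated run of exactly 8 or 16 uppercase hex digits, so treat a hit as a failed assertion to inspect rather than proof of a pointer.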