[Webkit-unassigned] [Bug 131137] New: Safari will crash when a function is constructed with the string "})({"
bugzilla-daemon at webkit.org
Wed Apr 2 16:17:00 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=131137
Summary: Safari will crash when a function is constructed with the string "})({"
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.9
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: webkit-bugs at toggleable.com
Created an attachment (id=228440)
--> (https://bugs.webkit.org/attachment.cgi?id=228440&action=review)
A simple page that will crash the Safari web process.
When using the Function constructor to create a function with the string "})({", the invoking process will crash. When using a string such as "})str({", an error is thrown instead. Changing it to "});str({" will again cause a crash.
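An added regression check, not part of the original report or WebKit's own tests: ECMAScript requires the Function constructor to throw a SyntaxError when the body is not parsable as a FunctionBody, so each string quoted in the report should end in a catchable exception rather than a dead process. The helper names and the two control bodies are assumptions made for this example.

```javascript
// Added regression check; not WebKit's own test code.
// The first three bodies are the strings quoted in the report.
const REPORTED_BODIES = ['})({', '})str({', '});str({'];
// Constructed controls: one well-formed body, one plainly unbalanced body.
const CONTROLS = [
  { body: 'return 1 + 1;', expect: 'accepted' },
  { body: '}', expect: 'SyntaxError' },
];

// Pass one body to the Function constructor and classify the outcome.
// The resulting function is only constructed, never called.
function classifyBody(body) {
  try {
    const fn = new Function(body);
    return typeof fn === 'function' ? 'accepted' : 'unexpected:' + typeof fn;
  } catch (err) {
    return err instanceof SyntaxError ? 'SyntaxError' : 'threw:' + String(err);
  }
}

// Run every case. The body is logged before construction so that, if the
// process dies, the last line of output names the case that killed it.
function runRegression(log = console.log) {
  const cases = [
    ...REPORTED_BODIES.map((body) => ({ body, expect: 'SyntaxError' })),
    ...CONTROLS,
  ];
  return cases.map(({ body, expect }) => {
    log('trying ' + JSON.stringify(body));
    const got = classifyBody(body);
    return { body, expect, got, pass: got === expect };
  });
}

const results = runRegression();
for (const r of results) {
  console.log((r.pass ? 'PASS ' : 'FAIL ') + JSON.stringify(r.body) + ' -> ' + r.got);
}
```

A run that stops after a `trying` line without a matching `PASS` or `FAIL` line points at the body that took the process down.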