[Webkit-unassigned] [Bug 181185] New: Asan UAF crash

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=181185

            Bug ID: 181185
           Summary: Asan UAF crash
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: macOS 10.13
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zhanghanming at 360.cn

Created attachment 330240

  --> https://bugs.webkit.org/attachment.cgi?id=330240&action=review

poc for trigger this issue

I would like to submit a Use-After-Free issue for webkit.
For this is a UAF issue, so I set severity to Critical.If it is not a critical issue, feel free to change it.
If you need any further infomation to reproduce this issue, please let me know.

My test environment:
    a release-asan build webkit (build from 12-29 github source code) and it's version is 11.0.2 (13604.4.7.1.3, 605+)

step to reproduce this issue:
    1. download attached poc.html.
    2. open it with a release-asan build webkit.
    3. asan should detect a UAF happened.

attached file:
    1. poc.html -- a html file will demo this issue.
    2. asan.txt -- asan output on my local test environment.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171229/ea1999dd/attachment.html>