[Webkit-unassigned] [Bug 172957] New: null pointer dereference
bugzilla-daemon at webkit.org
Mon Jun 5 21:48:43 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=172957
Bug ID: 172957
Summary: null pointer dereference
Product: WebKit
Version: Safari 10
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: zhunkibatu at gmail.com
The following sample can crash Safari 10.1.
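class A { };

class B extends A {
    constructor(a, b) {
        // The arrow function captures the constructor's `this` binding.
        var f = () => b ? this : {};
        if (a) {
            // f() is evaluated before super() has run.
            var val = f() == super();
        } else {
            super();
            var val = f();
        }
    }
};

for (var i = 0; i < 10000; i++) {
    try {
        // With b == true, f() reads `this` before super(): ReferenceError.
        new B(true, true);
    } catch (e) {
    }
    var a = new B(false, true);
    var c = new B(true, false);
}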