[Webkit-unassigned] [Bug 200388] New: a null pointer deref in DFGCFGSimplificationPhase.cpp
bugzilla-daemon at webkit.org
Fri Aug 2 03:43:10 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=200388
Bug ID: 200388
Summary: a null pointer deref in DFGCFGSimplificationPhase.cpp
Product: WebKit
Version: WebKit Local Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: zhunkibatu at gmail.com
The following PoC can trigger a null pointer deref in DFGCFGSimplificationPhase.cpp:
function foo(x) {
    switch (x) {
        case "a":
        case "a":
        case "a":
            for (let j = 0; j < 100; j++) {
                let j = foo(j);
            }
        default:
            return 2;
    }
}

for (let i = 0; i < 100000; i++) {
    foo("ab");
}