Timestamp:
Jul 15, 2016, 2:17:01 PM (9 years ago)
Author:
[email protected]
Message:

FunctionOverride's parseClause() needs to keep the CString instance in scope while its data is being used.
https://bugs.webkit.org/show_bug.cgi?id=159828

Reviewed by Saam Barati.

Otherwise, we'll have a use after free. This issue was caught when running an
ASan debug build of testapi.

  • tools/FunctionOverrides.cpp:
  (JSC::parseClause):

  • trunk/Source/JavaScriptCore/tools/FunctionOverrides.cpp

    r202737 r203299  
    206206    terminatorString.append(delimiter);
    207207
    208     const char* terminator = terminatorString.ascii().data();
     208    CString terminatorCString = terminatorString.ascii();
     209    const char* terminator = terminatorCString.data();
    209210    line = delimiterEnd; // Start from the {.
    210211
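Review bot: the fix is correct for the lines shown, but it only holds if `terminatorCString` outlives every use of `terminator`; the hunk ends right after `line = delimiterEnd;`, so confirm that `terminator` is consumed within this scope and never stored in anything that lives past the end of `parseClause()`. The removed line `const char* terminator = terminatorString.ascii().data();` took a pointer into the temporary `CString` returned by `ascii()`, which is destroyed at the end of that full expression, leaving `terminator` dangling; naming the `CString` as a local (`CString terminatorCString = terminatorString.ascii();`) extends its lifetime to the enclosing scope, which is what the use-after-free report from ASan called for. It would also help future readers to add a one-line comment above the two new lines explaining that the local exists to keep the buffer alive, since the pattern `x.ascii().data()` looks harmless and is easy to reintroduce.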