git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6372e0c) | patch
Stack overflow crash in JSC::JSObject::hasInstance.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 9 Mar 2019 01:10:33 +0000 (01:10 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 9 Mar 2019 01:10:33 +0000 (01:10 +0000)
commit943a51be57e5cdb5d5cb927e1893fe55a164d2a9
tree9fe6fe368d54c3425fe4fc070acb852b35902348tree | snapshot
parent6372e0c35720d2c0dae4c233e9e8247166e4ec26commit | diff
Stack overflow crash in JSC::JSObject::hasInstance.
https://bugs.webkit.org/show_bug.cgi?id=195458
<rdar://problem/48710195>

Reviewed by Yusuke Suzuki.

JSTests:

* stress/stack-overflow-in-custom-hasInstance.js: Added.

Source/JavaScriptCore:

* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242667 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog diff | blob | history
JSTests/stress/stack-overflow-in-custom-hasInstance.js [new file with mode: 0644] blob
Source/JavaScriptCore/ChangeLog diff | blob | history
Source/JavaScriptCore/runtime/JSObject.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.