Open Bug 860277 Opened 11 years ago Updated 2 years ago

IonMonkey: Bail on "eval" if eval's input contains "eval"

Tracking

()

Status:

NEW

People

(Reporter: djvj, Unassigned)

References

Details

Kannan Vijayan [:djvj]

Reporter

Description

•

11 years ago

IonMonkey compiles frames containing eval, but bails if the eval is reached and its input string contains "arguments" (checked via strstr), since ion doesn't support arguments objects.

However, that can happen indirectly via:

eval("eval('arg'+'uments')");

which wont trigger the strstr.  So the strstr should also check for "eval" within the eval input, and bail if it's found.  That should cover all cases.

Nobody; OK to take it and work on it

Assignee

Updated

•

10 years ago

Assignee: general → nobody

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

IonMonkey: Bail on "eval" if eval's input contains "eval"

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: djvj, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated