Open
Bug 860277
Opened 11 years ago
Updated 2 years ago
IonMonkey: Bail on "eval" if eval's input contains "eval"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
NEW
People
(Reporter: djvj, Unassigned)
References
Details
IonMonkey compiles frames containing eval, but bails if the eval is reached and its input string contains "arguments" (checked via strstr), since ion doesn't support arguments objects. However, that can happen indirectly via: eval("eval('arg'+'uments')"); which wont trigger the strstr. So the strstr should also check for "eval" within the eval input, and bail if it's found. That should cover all cases.
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•