michael@0: /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: //-----------------------------------------------------------------------------
michael@0: var BUGNUMBER = 390597;
michael@0: var summary = 'watch point + eval-as-setter allows access to dead JSStackFrame';
michael@0: var actual = 'No Crash';
michael@0: var expect = 'No Crash';
michael@0: 
michael@0: 
michael@0: //-----------------------------------------------------------------------------
michael@0: test();
michael@0: //-----------------------------------------------------------------------------
michael@0: 
michael@0: function test()
michael@0: {
michael@0:   enterFunc ('test');
michael@0:   printBugNumber(BUGNUMBER);
michael@0:   printStatus (summary);
michael@0:  
michael@0:   function exploit() {
michael@0:     try
michael@0:     {
michael@0:     var obj = this, args = null;
michael@0:     obj.__defineSetter__("evil", eval);
michael@0:     obj.watch("evil", function() { return "args = arguments;"; });
michael@0:     obj.evil = null;
michael@0:     eval("print(args[0]);");
michael@0:     }
michael@0:     catch(ex)
michael@0:     {
michael@0:       print('Caught ' + ex);
michael@0:     }
michael@0:   }
michael@0:   exploit();
michael@0: 
michael@0:   reportCompare(expect, actual, summary);
michael@0: 
michael@0:   exitFunc ('test');
michael@0: }