Details
- Bug
- Resolution: Done
- Major - P3
- 3.1.7
- Fully Compatible
- ALL
- Platform 9 (09/18/15)
Description
It is possible to get and set arbitrary C++ pointers in private fields on JS objects. It is possible to create an object which appears to be a type which had a field set, but wasn't created as such. Using functions on it which access these fields can result in a crash.
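A minimal model of the failure described above, written as an added example (not code from this ticket or from the affected project). It contrasts an accessor that trusts a script-visible type label with one that checks the native class identity before casting the private field; every type and function name here is hypothetical.

```cpp
#include <cstdint>
#include <string>

// Hypothetical model of a script-engine object: a native class descriptor,
// a label that script code can influence, and one opaque private slot.
struct ClassInfo { const char* name; };

struct ScriptObject {
    const ClassInfo* clasp;  // set only by the native constructor
    std::string scriptName;  // script-visible, so it can be made to look like any type
    void* priv;              // private field holding a native C++ pointer
};

struct Cursor { std::int64_t position; };

static const ClassInfo kCursorClass{"Cursor"};
static const ClassInfo kPlainClass{"Object"};

// Weak form: believes the script-visible label, so a look-alike object has its
// private slot (empty, or pointing at something else) reinterpreted as Cursor*.
inline Cursor* uncheckedCursor(ScriptObject& obj) {
    return obj.scriptName == "Cursor" ? static_cast<Cursor*>(obj.priv) : nullptr;
}

// Hardened form: compares the class descriptor by address and rejects an
// empty slot before any cast, so only natively constructed objects pass.
inline Cursor* checkedCursor(ScriptObject& obj) {
    if (obj.clasp != &kCursorClass || obj.priv == nullptr) return nullptr;
    return static_cast<Cursor*>(obj.priv);
}

// Native method exposed to script. Returns false (a real binding would raise a
// script-level type error) instead of dereferencing an unverified pointer.
inline bool cursorPosition(ScriptObject& obj, std::int64_t* out) {
    Cursor* c = checkedCursor(obj);
    if (c == nullptr) return false;
    *out = c->position;
    return true;
}
```

The hardened accessor only helps if script code has no path to write `clasp` or `priv` directly, which is the other half of the issue the description reports.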