Adobe Flash MovieClip.localToGlobal Use-After-Free
Posted by deepcore on December 18, 2015 – 9:47 pm
There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with an integer parameter, the new constructor will get called. If this constructor frees the MovieClip, a use-after-free occurs.
Post a reply
You must be logged in to post a comment.