WebKit - Use-After-Free when Resuming Generator
In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState, is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = this.@generatorStat...