Status: New
Owner: ----
New issue 1353 by [email protected]: Data corruption by calling generic
Array methods in the context of a String object
http://code.google.com/p/v8/issues/detail?id=1353
After calling [].push.call with a String object as the context, a
subsequent call to [].shift.call with the same String object as the context
results in duplicated keys in that String object. At least it looks like
duplicate keys in the console. I've confirmed this behaviour in Node 0.4.7
(v8 3.1.8) and Chrome 11.0.696.57 on OS X.
A REPL session illustrates things nicely. First off, push and pop behave
strangely:
> s = new String('hello')
> [].push.call(s, 'X')
5
> s.toString()
"hello"
> [].pop.call(s)
'o'
> s.toString()
"hello"
> Object.keys(s)
[ '5', '0', '1', '2', '3', '4' ]
> s
{ '5': 'X',
'0': 'h',
'1': 'e',
'2': 'l',
'3': 'l',
'4': 'o' }
And when shift is called it gets really weird:
> [].shift.call(s)
'h'
> s
{ '0': 'h',
'1': 'e',
'2': 'l',
'3': 'l',
'5': 'X',
'0': 'h',
'1': 'e',
'2': 'l',
'3': 'l',
'4': 'o' }
> Object.keys(s)
[ '0',
'1',
'2',
'3',
'5',
'0',
'1',
'2',
'3',
'4' ]
> s.toString()
"hello"
It seems like the shift weirdness is definitely a bug, and the behaviour of
push and pop is at least suspicious / unexpected.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
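
The sequence from the report, turned into a regression check. This is an added example, not part of the original message or of the V8 code base, and the function names (callGeneric, findDuplicates, replayReport) are hypothetical. It assumes a spec-conforming engine, where each of the three calls is rejected with a TypeError because the length and index properties of a String object are read-only and cannot be deleted, and where Object.keys never lists a key twice.

```javascript
'use strict';
// Added regression check (not from the report). Replays the reported
// push / pop / shift sequence on one String object and inspects its own keys.

function callGeneric(method, target, args) {
  // Record whether the generic Array method returned a value or threw.
  try {
    return { method, returned: Array.prototype[method].apply(target, args) };
  } catch (err) {
    return { method, threw: err.name };
  }
}

function findDuplicates(keys) {
  // Return every key that appears more than once, in order of reappearance.
  const seen = new Set();
  const dups = [];
  for (const k of keys) {
    if (seen.has(k)) dups.push(k);
    seen.add(k);
  }
  return dups;
}

function replayReport(text) {
  const s = new String(text);
  const outcomes = [
    callGeneric('push', s, ['X']),
    callGeneric('pop', s, []),
    callGeneric('shift', s, []),
  ];
  const keys = Object.keys(s);
  // The characters of the wrapped string are read-only index properties,
  // so none of them may have changed after the calls above.
  const indicesIntact = text.split('').every((ch, i) => s[i] === ch);
  return {
    outcomes,
    keys,
    duplicateKeys: findDuplicates(keys),
    value: s.toString(),
    length: s.length,
    indicesIntact,
  };
}

console.log(replayReport('hello'));
```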