[v8-dev] Issue 2284 in v8: Calling %constructor() on the builtins global object causes crashes

codesite-noreply Mon, 13 Aug 2012 04:56:05 -0700

Status: Accepted
Owner: [email protected]
CC: [email protected],  [email protected]
Labels: Type-Bug Priority-Medium V8Fuzzer

New issue 2284 by [email protected]: Calling %constructor() on thebuiltins global object causes crashes

http://code.google.com/p/v8/issues/detail?id=2284

The "constructor" property on prototype of the builtins global object isset to a constructor function with illegal code. Calls to this propertydon't throw a TypeError but will crash if natives syntax is allowed. Thefollowing is the reduced test case.


// Flags: --allow-natives-syntax

assertThrows("%constructor();", TypeError);
assertThrows("%constructor(23);", TypeError);

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Issue 2284 in v8: Calling %constructor() on the builtins global object causes crashes

Reply via email to