Title: [93048] trunk
- Revision
- 93048
- Author
- [email protected]
- Date
- 2011-08-15 11:51:42 -0700 (Mon, 15 Aug 2011)
Log Message
Crash accessing static property on sealed object
https://bugs.webkit.org/show_bug.cgi?id=66242
Reviewed by Sam Weinig.
Source/_javascript_Core:
* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
- should only check isExtensible if checkReadOnly.
LayoutTests:
* fast/js/preventExtensions-expected.txt:
* fast/js/script-tests/preventExtensions.js:
- added test case.
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (93047 => 93048)
--- trunk/LayoutTests/ChangeLog 2011-08-15 17:41:34 UTC (rev 93047)
+++ trunk/LayoutTests/ChangeLog 2011-08-15 18:51:42 UTC (rev 93048)
@@ -1,3 +1,14 @@
+2011-08-15 Gavin Barraclough <[email protected]>
+
+ Crash accessing static property on sealed object
+ https://bugs.webkit.org/show_bug.cgi?id=66242
+
+ Reviewed by Sam Weinig.
+
+ * fast/js/preventExtensions-expected.txt:
+ * fast/js/script-tests/preventExtensions.js:
+ - added test case.
+
2011-08-15 Hayato Ito <[email protected]>
Implement proper handling of focusin/focusout events in regard to shadow DOM boundaries.
Modified: trunk/LayoutTests/fast/js/preventExtensions-expected.txt (93047 => 93048)
--- trunk/LayoutTests/fast/js/preventExtensions-expected.txt 2011-08-15 17:41:34 UTC (rev 93047)
+++ trunk/LayoutTests/fast/js/preventExtensions-expected.txt 2011-08-15 18:51:42 UTC (rev 93048)
@@ -13,6 +13,7 @@
PASS Object.preventExtensions(Math.sin) is Math.sin
PASS var o = {}; Object.preventExtensions(o); o.__proto__ = { newProp: "Should not see this" }; o.newProp; is undefined.
PASS "use strict"; var o = {}; Object.preventExtensions(o); o.__proto__ = { newProp: "Should not see this" }; threw exception TypeError: Attempted to assign to readonly property..
+PASS Object.preventExtensions(Math); Math.sqrt(4) is 2
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/fast/js/script-tests/preventExtensions.js (93047 => 93048)
--- trunk/LayoutTests/fast/js/script-tests/preventExtensions.js 2011-08-15 17:41:34 UTC (rev 93047)
+++ trunk/LayoutTests/fast/js/script-tests/preventExtensions.js 2011-08-15 18:51:42 UTC (rev 93048)
@@ -71,4 +71,7 @@
shouldBeUndefined('var o = {}; Object.preventExtensions(o); o.__proto__ = { newProp: "Should not see this" }; o.newProp;');
shouldThrow('"use strict"; var o = {}; Object.preventExtensions(o); o.__proto__ = { newProp: "Should not see this" };');
+// check that we can still access static properties on an object after calling preventExtensions.
+shouldBe('Object.preventExtensions(Math); Math.sqrt(4)', '2');
+
successfullyParsed = true;
\ No newline at end of file
Modified: trunk/Source/_javascript_Core/ChangeLog (93047 => 93048)
--- trunk/Source/_javascript_Core/ChangeLog 2011-08-15 17:41:34 UTC (rev 93047)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-08-15 18:51:42 UTC (rev 93048)
@@ -1,3 +1,14 @@
+2011-08-15 Gavin Barraclough <[email protected]>
+
+ Crash accessing static property on sealed object
+ https://bugs.webkit.org/show_bug.cgi?id=66242
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ - should only check isExtensible if checkReadOnly.
+
2011-08-15 Sam Weinig <[email protected]>
Fix release build when building with Clang.
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (93047 => 93048)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2011-08-15 17:41:34 UTC (rev 93047)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2011-08-15 18:51:42 UTC (rev 93048)
@@ -633,7 +633,7 @@
return true;
}
- if (!isExtensible())
+ if (checkReadOnly && !isExtensible())
return false;
size_t currentCapacity = m_structure->propertyStorageCapacity();
@@ -697,7 +697,7 @@
return true;
}
- if (!isExtensible())
+ if (checkReadOnly && !isExtensible())
return false;
Structure* structure = Structure::addPropertyTransition(globalData, m_structure.get(), propertyName, attributes, specificFunction, offset);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
