Title: [248217] releases/WebKitGTK/webkit-2.24
Revision: 248217
Author: [email protected]
Date: 2019-08-03 20:22:33 -0700 (Sat, 03 Aug 2019)

Log Message

Merge r244950 - TypedArrays should not store properties that are canonical numeric indices
https://bugs.webkit.org/show_bug.cgi?id=197228
<rdar://problem/49557381>

Patch by Tadeu Zagallo <[email protected]> on 2019-05-04
Reviewed by Saam Barati.

JSTests:

* stress/array-species-config-array-constructor.js:
(test):
* stress/put-direct-index-broken-2.js:
* stress/typed-array-canonical-numeric-index-string.js: Added.
(makeTest.assert):
(makeTest):
(const.testInvalidIndices.makeTest.set assert):
(const.testInvalidIndices.makeTest):
(const.makeTestValidIndex.configurable.set assert):
(const.makeTestValidIndex.configurable):
* stress/typedarray-access-monomorphic-neutered.js:
(checkNoException):
(testNoException):
(testFTLNoException):
* stress/typedarray-access-neutered.js:
(testNoException):
* stress/typedarray-getownproperty-not-configurable.js:
(foo):
* test262/expectations.yaml:

Source/JavaScriptCore:

According to the spec[1]:
- TypedArrays should not perform an ordinary GetOwnProperty/SetOwnProperty if the index is a
CanonicalNumericIndexString, but invalid according to IntegerIndexedElementGet and similar
functions. I.e., there are a few properties that should not be set in a TypedArray, like NaN,
Infinity and -0.
- On DefineOwnProperty, the out-of-bounds check should be performed before validating the property
descriptor.
- On GetOwnProperty, the returned descriptor for numeric properties should have writable set to true.

[1]: https://www.ecma-international.org/ecma-262/9.0/index.html#sec-integer-indexed-exotic-objects-defineownproperty-p-desc

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
* runtime/PropertyName.h:
(JSC::isCanonicalNumericIndexString):

LayoutTests:

* fast/canvas/canvas-ImageData-behaviour-expected.txt:
* fast/canvas/canvas-ImageData-behaviour.js:
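
The behaviour the log message describes can be checked from script. The following is an added example, not code from the WebKit patch or its tests; the helper names and the sample keys are constructed for illustration. It goes slightly beyond the message's NaN/Infinity/-0 list by also probing non-integer, negative, out-of-bounds and non-canonical keys.

```javascript
// Spec rule CanonicalNumericIndexString(key), written in plain JS (added example):
// true when the key is "-0" or survives a String -> Number -> String round trip.
function isCanonicalNumericIndex(key) {
  if (typeof key !== "string") return false;
  return key === "-0" || String(Number(key)) === key;
}

// A canonical numeric key names an element only if it is a non-negative
// integer (never -0) below the array length.
function isValidElementIndex(key, length) {
  if (!isCanonicalNumericIndex(key) || key === "-0") return false;
  const n = Number(key);
  return Number.isInteger(n) && n >= 0 && n < length;
}

// Write through one key on a fresh 4-element typed array and report what stuck.
function probe(key) {
  const ta = new Uint8Array(4);
  try {
    ta[key] = 7; // an engine following ES2018 may throw here in strict mode
  } catch (e) { /* rejected write: nothing is stored either way */ }
  return {
    key,
    canonical: isCanonicalNumericIndex(key),
    validIndex: isValidElementIndex(key, ta.length),
    ownProperty: Object.prototype.hasOwnProperty.call(ta, key),
    readBack: ta[key],
  };
}

// Third bullet of the log message: element descriptors report writable: true.
function elementDescriptorIsWritable() {
  const d = Object.getOwnPropertyDescriptor(new Uint8Array(4), "0");
  return d !== undefined && d.writable === true;
}

// Constructed sample keys: valid indices, canonical-but-invalid keys,
// and non-canonical strings that must remain ordinary properties.
const SAMPLE_KEYS = ["0", "3", "4", "-0", "NaN", "Infinity", "-Infinity",
                     "1.5", "-1", "1e+21", "01", "1.0", "1e21", "foo"];

function report() {
  return SAMPLE_KEYS.map(probe);
}

console.table(report());
```

On a conforming engine, every row with `canonical: true` and `validIndex: false` shows `ownProperty: false` and `readBack: undefined`, while non-canonical strings such as "01" or "1e21" are stored as ordinary properties.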

Diff

Modified: releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog (248216 => 248217)


--- releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-08-04 03:22:30 UTC (rev 248216)
+++ releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-08-04 03:22:33 UTC (rev 248217)
@@ -1,3 +1,31 @@
+2019-05-04  Tadeu Zagallo  <[email protected]>
+
+        TypedArrays should not store properties that are canonical numeric indices
+        https://bugs.webkit.org/show_bug.cgi?id=197228
+        <rdar://problem/49557381>
+
+        Reviewed by Saam Barati.
+
+        * stress/array-species-config-array-constructor.js:
+        (test):
+        * stress/put-direct-index-broken-2.js:
+        * stress/typed-array-canonical-numeric-index-string.js: Added.
+        (makeTest.assert):
+        (makeTest):
+        (const.testInvalidIndices.makeTest.set assert):
+        (const.testInvalidIndices.makeTest):
+        (const.makeTestValidIndex.configurable.set assert):
+        (const.makeTestValidIndex.configurable):
+        * stress/typedarray-access-monomorphic-neutered.js:
+        (checkNoException):
+        (testNoException):
+        (testFTLNoException):
+        * stress/typedarray-access-neutered.js:
+        (testNoException):
+        * stress/typedarray-getownproperty-not-configurable.js:
+        (foo):
+        * test262/expectations.yaml:
+
 2019-04-07  Yusuke Suzuki  <[email protected]>
 
         [JSC] CallLinkInfo should clear Callee or CodeBlock even if it is unlinked by jettison
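
Review bot: The new JSTests entry lists the touched tests and their functions but gives no reason for any of them, and nothing in it says it is a merge of r244950 onto the release branch. A line per file would help a later reader, in particular for test262/expectations.yaml and the two neutered-access tests (checkNoException, testNoException, testFTLNoException), where the entry does not show whether expectations were relaxed or tightened.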

Modified: releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog (248216 => 248217)


--- releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-08-04 03:22:30 UTC (rev 248216)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-08-04 03:22:33 UTC (rev 248217)
@@ -1,3 +1,14 @@
+2019-05-04  Tadeu Zagallo  <[email protected]>
+
+        TypedArrays should not store properties that are canonical numeric indices
+        https://bugs.webkit.org/show_bug.cgi?id=197228
+        <rdar://problem/49557381>
+
+        Reviewed by Saam Barati.
+
+        * fast/canvas/canvas-ImageData-behaviour-expected.txt:
+        * fast/canvas/canvas-ImageData-behaviour.js:
+
 2019-06-10  Daniel Bates  <[email protected]>
 
         [CSP] Blob URLs should inherit their CSP policy
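
Review bot: The 2019-05-04 entry is added above the 2019-06-10 entry, so this ChangeLog is no longer in newest-first date order and the entry carries no marker that it arrived later as a merge. Noting the merged revision (r244950) in the entry would make the ordering explainable. The entry also changes fast/canvas/canvas-ImageData-behaviour-expected.txt without saying which ImageData behaviour the new expectation encodes.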

Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog (248216 => 248217)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-08-04 03:22:30 UTC (rev 248216)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-08-04 03:22:33 UTC (rev 248217)
@@ -1,3 +1,33 @@
+2019-05-04  Tadeu Zagallo  <[email protected]>
+
+        TypedArrays should not store properties that are canonical numeric indices
+        https://bugs.webkit.org/show_bug.cgi?id=197228
+        <rdar://problem/49557381>
+
+        Reviewed by Saam Barati.
+
+        According to the spec[1]:
+        - TypedArrays should not perform an ordinary GetOwnProperty/SetOwnProperty if the index is a
+        CanonicalNumericIndexString, but invalid according to IntegerIndexedElementGet and similar
+        functions. I.e., there are a few properties that should not be set in a TypedArray, like NaN,
+        Infinity and -0.
+        - On DefineOwnProperty, the out-of-bounds check should be performed before validating the property
+        descriptor.
+        - On GetOwnProperty, the returned descriptor for numeric properties should have writable set to true.
+
+        [1]: https://www.ecma-international.org/ecma-262/9.0/index.html#sec-integer-indexed-exotic-objects-defineownproperty-p-desc
+
+        * CMakeLists.txt:
+        * _javascript_Core.xcodeproj/project.pbxproj:
+        * runtime/JSGenericTypedArrayViewInlines.h:
+        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
+        (JSC::JSGenericTypedArrayView<Adaptor>::put):
+        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
+        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
+        (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
+        * runtime/PropertyName.h:
+        (JSC::isCanonicalNumericIndexString):
+
 2019-04-07  Yusuke Suzuki  <[email protected]>
 
         [JSC] CallLinkInfo should clear Callee or CodeBlock even if it is unlinked by jettison
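
Review bot: Reference [1] in this entry points only at the DefineOwnProperty section, while the first and third bullets make claims about GetOwnProperty and Set behaviour; linking the parent integer-indexed exotic objects section, or each method's section, would let a reader check all three. The file list would also benefit from a note on what isCanonicalNumericIndexString in runtime/PropertyName.h accepts, since the bullets name NaN, Infinity and -0 only as examples, and on why CMakeLists.txt and the Xcode project changed.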