[webkit-changes] [WebKit/WebKit] 146475: ClonedArguments::isIteratorProtocolFastAndNonObser...
EWS
noreply at github.com
Fri Feb 10 21:40:48 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 146475121307d0b5b693cea140a2974e542b88b3
https://github.com/WebKit/WebKit/commit/146475121307d0b5b693cea140a2974e542b88b3
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-02-10 (Fri, 10 Feb 2023)
Changed paths:
A JSTests/stress/spread-arguments-null-proto-no-crash.js
M Source/JavaScriptCore/runtime/ClonedArguments.cpp
Log Message:
-----------
ClonedArguments::isIteratorProtocolFastAndNonObservable() should check didTransition() earlier
https://bugs.webkit.org/show_bug.cgi?id=252083
<rdar://105295643>
Reviewed by Yusuke Suzuki.
This change hoists didTransition() check to prevent nullptr deref crash when calling needsSlowPutIndexing().
* JSTests/stress/spread-arguments-null-proto-no-crash.js: Added.
* Source/JavaScriptCore/runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::isIteratorProtocolFastAndNonObservable):
Canonical link: https://commits.webkit.org/260145@main
More information about the webkit-changes
mailing list