[webkit-reviews] review granted: [Bug 202599] InternalFunction::createSubclassStructure should use newTarget's globalObject : [Attachment 396784] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 17 18:21:23 PDT 2020
Yusuke Suzuki <ysuzuki at apple.com> has granted Alexey Shvayka
<shvaikalesh at gmail.com>'s request for review:
Bug 202599: InternalFunction::createSubclassStructure should use newTarget's
globalObject
https://bugs.webkit.org/show_bug.cgi?id=202599
Attachment 396784: Patch
https://bugs.webkit.org/attachment.cgi?id=396784&action=review
--- Comment #31 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 396784
--> https://bugs.webkit.org/attachment.cgi?id=396784
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=396784&action=review
r=me
> Source/JavaScriptCore/runtime/InternalFunction.cpp:157
> + if (auto* boundFunction = jsDynamicCast<JSBoundFunction*>(vm, object))
Use `inherit<JSBoundFunction>` instead of jsDynamicCast. jsDynamicCast uses
`LIKELY()` internally, which means that we are saying that this is likely a
JSBoundFunction. But it is not.
> Source/JavaScriptCore/runtime/InternalFunction.cpp:160
> + if (auto* proxy = jsDynamicCast<ProxyObject*>(vm, object)) {
Ditto.
More information about the webkit-reviews
mailing list