[Webkit-unassigned] [Bug 49577] New: Function.prototype should be non-configurable
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 15 21:51:25 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49577
Summary: Function.prototype should be non-configurable
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: barraclough at apple.com
JSC lazily allocates the prototype property of Function objects.
We check the prototype exists on 'get', but not on 'put'.
If you 'put' without having first done a 'get' you can end up with a configurable prototype (prototype should only ever be non-configurable).
This is visible in a couple of ways:
* 'delete' on the property may succeed. (the next access will result in a new, reset prototype object).
* the prototype may be set to a getter.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list