[Webkit-unassigned] [Bug 135322] REGRESSION: JSObjectSetPrototype() does not work on result of JSGetGlobalObject()

bugzilla-daemon at webkit.org
Mon Jul 28 09:35:17 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=135322

--- Comment #1 from Mark Hahnenberg <mhahnenberg at apple.com>  2014-07-28 09:35:30 PST ---
Thank you for the very detailed bug report! 

The prototype chain of the JSProxy object should match that of the JSGlobalObject. Until recently, there was a bug in JSGlobalContextCreate that caused the two to have different prototype chains (see bug 135250).

I think you've identified a separate but related issue with JSObjectSetPrototype which doesn't correctly account for JSProxies. It should be an easy fix. We should also audit the rest of the C API to check that we correctly handle JSProxies in all other situations.
