[Webkit-unassigned] [Bug 155563] [JSC] correctly handle indexed properties in Object.getOwnPropertyDescriptors
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 17 08:52:37 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=155563
Saam Barati <sbarati at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #274287|review?, commit-queue? |review+, commit-queue-
Flags| |
--- Comment #7 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 274287
--> https://bugs.webkit.org/attachment.cgi?id=274287
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=274287&action=review
> Source/JavaScriptCore/runtime/ObjectConstructor.cpp:253
> + JSObject::put(descriptors, exec, propertyName, fromDescriptor, slot);
You need an exception check here.
An exception check is also needed above
after constructEmptyObject(). I suggest
caching the VM in a local variable and checking
VM.exception()
> Source/JavaScriptCore/tests/es6/Object_static_methods_Object.getOwnPropertyDescriptors-proxy.js:17
> }
Can we also add a test where the lack of an exception
check above is observable? I think it's probably doable
by having a setter/getter on Object.prototype that both
throw.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160317/255a9480/attachment-0001.html>
More information about the webkit-unassigned
mailing list