[Webkit-unassigned] [Bug 258766] New: JSC doesn't thorw TypeError when call Uint8Array without new
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jul 1 06:28:14 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258766
Bug ID: 258766
Summary: JSC doesn't thorw TypeError when call Uint8Array
without new
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: yuhao.6218 at gmail.com
git commit id: 8cdb27dae2a958f4ad5ff00f4900a7c235835247
```
function opt(f) {
try{
return f(Uint8Array);
}catch(e){
print(e)
}
}
print(opt(opt))
print(opt(opt))
```
run args:
WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 test.js
program output:
TypeError: calling Uint8Array constructor without new is invalid
undefined
0,0,0
expected output:
TypeError: calling Uint8Array constructor without new is invalid
undefined
TypeError: calling Uint8Array constructor without new is invalid
undefined
At the last call to the `opt` function, `f` is `UInt8Array`. The engine need to throw an exception instead of creating the array object.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230701/9f2f78dc/attachment.htm>
More information about the webkit-unassigned
mailing list