130279 2014-03-14 19:22:38 -0700 Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined 2014-03-14 23:31:48 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam fpizlo ggaren mhahnenberg mmirman msaboff oliver oldest_to_newest 990784 0 mark.lam 2014-03-14 19:22:38 -0700 If both the getter nor setter are not defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected. However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM. Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM. The reason is because objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue. The fix is to add the appropriate null checks. ref: <rdar://problem/16316505> 990785 1 226794 mark.lam 2014-03-14 19:29:01 -0700 Created attachment 226794 the patch. 990791 2 226794 fpizlo 2014-03-14 19:52:28 -0700 Comment on attachment 226794 the patch. Awesome. 990835 3 mark.lam 2014-03-14 23:31:48 -0700 Thanks for the review. Landed in r165680: <http://trac.webkit.org/r165680>. 226794 2014-03-14 19:29:01 -0700 2014-03-14 19:52:28 -0700 the patch. bug-130279.patch text/plain 5367 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTY1NjY5KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBA CisyMDE0LTAzLTE0ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBB Y2Nlc3NpbmcgX19sb29rdXBHZXR0ZXJfXyBhbmQgX19sb29rdXBTZXR0ZXJfXyBzaG91bGQgbm90 IGNyYXNoIHRoZSBWTSB3aGVuIHVuZGVmaW5lZC4KKyAgICAgICAgPGh0dHBzOi8vd2Via2l0Lm9y Zy9iLzEzMDI3OT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBJZiBuZWl0aGVyIHRoZSBnZXR0ZXIgbm9yIHNldHRlciBhcmUgZGVmaW5lZCwgYWNjZXNz aW5nIF9fbG9va3VwR2V0dGVyX18KKyAgICAgICAgYW5kIF9fbG9va3VwU2V0dGVyX18gd2lsbCBy ZXR1cm4gdW5kZWZpbmVkIGFzIGV4cGVjdGVkLiAgSG93ZXZlciwgaWYgdGhlCisgICAgICAgIGdl dHRlciBpcyBkZWZpbmVkIGJ1dCB0aGUgc2V0dGVyIGlzIG5vdCwgYWNjZXNzaW5nIF9fbG9va3Vw U2V0dGVyX18gd2lsbAorICAgICAgICBjcmFzaCB0aGUgVk0uICBTaW1pbGFybHksIGFjY2Vzc2lu ZyBfX2xvb2t1cEdldHRlcl9fIHdoZW4gb25seSB0aGUgc2V0dGVyCisgICAgICAgIGlzIGRlZmlu ZWQgd2lsbCBjcmFzaCB0aGUgVk0uCisKKyAgICAgICAgVGhlIHJlYXNvbiBpcyBiZWNhdXNlIG9i amVjdFByb3RvRnVuY0xvb2t1cEdldHRlcigpIGFuZAorICAgICAgICBvYmplY3RQcm90b0Z1bmNM b29rdXBTZXR0ZXIoKSBkaWQgbm90IGNoZWNrIGlmIHRoZSBnZXR0ZXIgYW5kIHNldHRlcgorICAg ICAgICB2YWx1ZSBpcyBub24tbnVsbCBiZWZvcmUgcmV0dXJuaW5nIGl0IGFzIGFuIEVuY29kZWRK U1ZhbHVlLiAgVGhlIGZpeCBpcworICAgICAgICB0byBhZGQgdGhlIGFwcHJvcHJpYXRlIG51bGwg Y2hlY2tzLgorCisgICAgICAgICogcnVudGltZS9PYmplY3RQcm90b3R5cGUuY3BwOgorICAgICAg ICAoSlNDOjpvYmplY3RQcm90b0Z1bmNMb29rdXBHZXR0ZXIpOgorICAgICAgICAoSlNDOjpvYmpl Y3RQcm90b0Z1bmNMb29rdXBTZXR0ZXIpOgorCiAyMDE0LTAzLTE0ICBKb3NlcGggUGVjb3Jhcm8g IDxwZWNvcmFyb0BhcHBsZS5jb20+CiAKICAgICAgICAgV2ViIEluc3BlY3RvcjogR3JhY2VmdWxs eSBoYW5kbGUgbmlsIG5hbWUgLVtKU0NvbnRleHQgc2V0TmFtZTpdCkluZGV4OiBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvcnVudGltZS9PYmplY3RQcm90b3R5cGUuY3BwCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL09iamVjdFByb3RvdHlwZS5jcHAJKHJldmlzaW9u IDE2NTY2OSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL09iamVjdFByb3RvdHlw ZS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE1Niw4ICsxNTYsMTAgQEAgRW5jb2RlZEpTVmFsdWUg SlNDX0hPU1RfQ0FMTCBvYmplY3RQcm90bwogCiAgICAgUHJvcGVydHlTbG90IHNsb3QodGhpc09i amVjdCk7CiAgICAgaWYgKHRoaXNPYmplY3QtPmdldFByb3BlcnR5U2xvdChleGVjLCBJZGVudGlm aWVyKGV4ZWMsIGV4ZWMtPmFyZ3VtZW50KDApLnRvU3RyaW5nKGV4ZWMpLT52YWx1ZShleGVjKSks IHNsb3QpCi0gICAgICAgICYmIHNsb3QuaXNBY2Nlc3NvcigpKQotICAgICAgICByZXR1cm4gSlNW YWx1ZTo6ZW5jb2RlKHNsb3QuZ2V0dGVyU2V0dGVyKCktPmdldHRlcigpKTsKKyAgICAgICAgJiYg c2xvdC5pc0FjY2Vzc29yKCkpIHsKKyAgICAgICAgSlNPYmplY3QqIGdldHRlciA9IHNsb3QuZ2V0 dGVyU2V0dGVyKCktPmdldHRlcigpOworICAgICAgICByZXR1cm4gZ2V0dGVyID8gSlNWYWx1ZTo6 ZW5jb2RlKGdldHRlcikgOiBKU1ZhbHVlOjplbmNvZGUoanNVbmRlZmluZWQoKSk7CisgICAgfQog CiAgICAgcmV0dXJuIEpTVmFsdWU6OmVuY29kZShqc1VuZGVmaW5lZCgpKTsKIH0KQEAgLTE3MCw4 ICsxNzIsMTAgQEAgRW5jb2RlZEpTVmFsdWUgSlNDX0hPU1RfQ0FMTCBvYmplY3RQcm90bwogCiAg ICAgUHJvcGVydHlTbG90IHNsb3QodGhpc09iamVjdCk7CiAgICAgaWYgKHRoaXNPYmplY3QtPmdl dFByb3BlcnR5U2xvdChleGVjLCBJZGVudGlmaWVyKGV4ZWMsIGV4ZWMtPmFyZ3VtZW50KDApLnRv U3RyaW5nKGV4ZWMpLT52YWx1ZShleGVjKSksIHNsb3QpCi0gICAgICAgICYmIHNsb3QuaXNBY2Nl c3NvcigpKQotICAgICAgICByZXR1cm4gSlNWYWx1ZTo6ZW5jb2RlKHNsb3QuZ2V0dGVyU2V0dGVy KCktPnNldHRlcigpKTsKKyAgICAgICAgJiYgc2xvdC5pc0FjY2Vzc29yKCkpIHsKKyAgICAgICAg SlNPYmplY3QqIHNldHRlciA9IHNsb3QuZ2V0dGVyU2V0dGVyKCktPnNldHRlcigpOworICAgICAg ICByZXR1cm4gc2V0dGVyID8gSlNWYWx1ZTo6ZW5jb2RlKHNldHRlcikgOiBKU1ZhbHVlOjplbmNv ZGUoanNVbmRlZmluZWQoKSk7CisgICAgfQogCiAgICAgcmV0dXJuIEpTVmFsdWU6OmVuY29kZShq c1VuZGVmaW5lZCgpKTsKIH0KSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2NTY2OSkKKysrIExheW91dFRl c3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE0LTAzLTE0 ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBBY2Nlc3NpbmcgX19s b29rdXBHZXR0ZXJfXyBhbmQgX19sb29rdXBTZXR0ZXJfXyBzaG91bGQgbm90IGNyYXNoIHRoZSBW TSB3aGVuIHVuZGVmaW5lZC4KKyAgICAgICAgPGh0dHBzOi8vd2Via2l0Lm9yZy9iLzEzMDI3OT4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIGpzL3By b3BlcnR5LWdldHRlcnMtYW5kLXNldHRlcnMtZXhwZWN0ZWQudHh0OgorICAgICAgICAqIGpzL3Nj cmlwdC10ZXN0cy9wcm9wZXJ0eS1nZXR0ZXJzLWFuZC1zZXR0ZXJzLmpzOgorICAgICAgICAobzEx Lm5ldy5PYmplY3QuZ2V0Qik6CisgICAgICAgIChvMTIubmV3Lk9iamVjdC5zZXRCKToKKwogMjAx NC0wMy0xNCAgQnl1bmdzZW9uIFNoaW4gIDxzdW4uc2hpbkBsZ2UuY29tPgogCiAgICAgICAgIElu Y29ycmVjdCBEYXRlIHJldHVybmVkIGJldHdlZW4gTWFyY2ggMSwgMjAzNCBhbmQgRmVicnVhcnkg MjgsIDIxMDAuCkluZGV4OiBMYXlvdXRUZXN0cy9qcy9wcm9wZXJ0eS1nZXR0ZXJzLWFuZC1zZXR0 ZXJzLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9qcy9wcm9wZXJ0eS1n ZXR0ZXJzLWFuZC1zZXR0ZXJzLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMTY1NjY5KQorKysgTGF5 b3V0VGVzdHMvanMvcHJvcGVydHktZ2V0dGVycy1hbmQtc2V0dGVycy1leHBlY3RlZC50eHQJKHdv cmtpbmcgY29weSkKQEAgLTM2LDYgKzM2LDEzIEBAIFBBU1MgbzkuYiBpcyAxMQogdGhlIGdldCBz ZXQgd2l0aCBudW1lcmljIHByb3BlcnR5IG5hbWUKIFBBU1MgbzEwWzQyXSBpcyA4CiBQQVNTIG8x MFs0Ml0gaXMgMTEKK0RlZmluaW5nIGdldHRlciBvbmx5IGFuZCBhY2Nlc3NpbmcgX19sb29rdXBT ZXR0ZXJfXyBzaG91bGQgbm90IGNyYXNoCitQQVNTIG8xMS5fX2xvb2t1cFNldHRlcl9fKCdiJykg aXMgdm9pZCAwCitEZWZpbmluZyBzZXR0ZXIgb25seSBhbmQgYWNjZXNzaW5nIF9fbG9va3VwR2V0 dGVyX18gc2hvdWxkIG5vdCBjcmFzaAorUEFTUyBvMTIuX19sb29rdXBHZXR0ZXJfXygnYicpIGlz IHZvaWQgMAorV2hlbiB1bmRlZmluZWQsIGFjY2Vzc2luZyBfX2xvb2t1cEdldHRlcl9fIGFuZCBf X2xvb2t1cFNldHRlcl9fIHNob3VsZCBub3QgY3Jhc2gKK1BBU1MgbzEzLl9fbG9va3VwR2V0dGVy X18oJ2InKSBpcyB2b2lkIDAKK1BBU1MgbzEzLl9fbG9va3VwU2V0dGVyX18oJ2InKSBpcyB2b2lk IDAKIFBBU1Mgc3VjY2Vzc2Z1bGx5UGFyc2VkIGlzIHRydWUKIAogVEVTVCBDT01QTEVURQpJbmRl eDogTGF5b3V0VGVzdHMvanMvc2NyaXB0LXRlc3RzL3Byb3BlcnR5LWdldHRlcnMtYW5kLXNldHRl cnMuanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvanMvc2NyaXB0LXRlc3RzL3Byb3BlcnR5 LWdldHRlcnMtYW5kLXNldHRlcnMuanMJKHJldmlzaW9uIDE2NTY2OSkKKysrIExheW91dFRlc3Rz L2pzL3NjcmlwdC10ZXN0cy9wcm9wZXJ0eS1nZXR0ZXJzLWFuZC1zZXR0ZXJzLmpzCSh3b3JraW5n IGNvcHkpCkBAIC03OSwzICs3OSwyMyBAQCB2YXIgbzEwID0geyAnYSc6NywgZ2V0IDQyKCkgeyBy ZXR1cm4gdGhpCiBzaG91bGRCZSgibzEwWzQyXSIsICI4Iik7CiBvMTBbNDJdID0gMTA7CiBzaG91 bGRCZSgibzEwWzQyXSIsICIxMSIpOworCitkZWJ1ZygiRGVmaW5pbmcgZ2V0dGVyIG9ubHkgYW5k IGFjY2Vzc2luZyBfX2xvb2t1cFNldHRlcl9fIHNob3VsZCBub3QgY3Jhc2giKTsKK3ZhciBvMTEg PSBuZXcgT2JqZWN0KCkKK2Z1bmN0aW9uIGdldEIoKSB7IHJldHVybiB0aGlzLmEgfQorbzExLl9f ZGVmaW5lR2V0dGVyX18oJ2InLCBnZXRCKQorCitzaG91bGRCZSgibzExLl9fbG9va3VwU2V0dGVy X18oJ2InKSIsICJ2b2lkIDAiKTsKKworZGVidWcoIkRlZmluaW5nIHNldHRlciBvbmx5IGFuZCBh Y2Nlc3NpbmcgX19sb29rdXBHZXR0ZXJfXyBzaG91bGQgbm90IGNyYXNoIik7Cit2YXIgbzEyID0g bmV3IE9iamVjdCgpCitmdW5jdGlvbiBzZXRCKHgpIHsgdGhpcy5hID0geCB9CitvMTIuX19kZWZp bmVTZXR0ZXJfXygnYicsIHNldEIpCisKK3Nob3VsZEJlKCJvMTIuX19sb29rdXBHZXR0ZXJfXygn YicpIiwgInZvaWQgMCIpOworCitkZWJ1ZygiV2hlbiB1bmRlZmluZWQsIGFjY2Vzc2luZyBfX2xv b2t1cEdldHRlcl9fIGFuZCBfX2xvb2t1cFNldHRlcl9fIHNob3VsZCBub3QgY3Jhc2giKTsKK3Zh ciBvMTMgPSBuZXcgT2JqZWN0KCkKKworc2hvdWxkQmUoIm8xMy5fX2xvb2t1cEdldHRlcl9fKCdi JykiLCAidm9pZCAwIik7CitzaG91bGRCZSgibzEzLl9fbG9va3VwU2V0dGVyX18oJ2InKSIsICJ2 b2lkIDAiKTsK