6322 2006-01-01 09:13:40 -0800 DateProtoFuncImp::callAsFunction can crash due to lack of type checking 2006-01-16 18:19:14 -0800 1 1 1 Unclassified WebKit JavaScriptCore 420+ Other Linux RESOLVED FIXED InRadar P1 Major --- 1 maksim ggaren alice.barraclough oldest_to_newest 27417 0 maksim 2006-01-01 09:13:40 -0800 DateProtoFuncImp::callAsFunction will call internalValue->toNumber on most inputs, w/o checking the type. This can a) crash (see below) b) seems wrong since I do not see it in the spec that most methods of Date.prototype should be generic. Sample testcase: Math.__proto__.crash = Date.prototype.getDate; Math.crash(); (spotted when trying to push internalValue further down into hierarchy) 28265 1 alice.barraclough 2006-01-11 17:06:53 -0800 <rdar://problem/4406070> 28383 2 5650 ggaren 2006-01-13 17:19:13 -0800 Created attachment 5650 reduction Attached reduction. 28384 3 ggaren 2006-01-13 17:26:37 -0800 15.9.5 Properties of the Date Prototype Object None of these functions are generic; a TypeError exception is thrown if the this value is not an object for which the value of the internal [[Class]] property is "Date". 28385 4 5651 ggaren 2006-01-13 17:51:50 -0800 Created attachment 5651 Fix Three cheers for the delete key. 0 regressions found. 0 tests fixed. 28389 5 5651 darin 2006-01-13 22:52:08 -0800 Comment on attachment 5651 Fix Would be nice to test all the methods instead of just getDate. r=me 28638 6 ggaren 2006-01-16 18:19:14 -0800 Landed with tests for all methods but valueOf, which seems to confuse our test engine. Will file new bug about that. 5650 2006-01-13 17:19:13 -0800 2006-01-13 17:19:13 -0800 reduction reduction.html text/html 626 ggaren PGh0bWw+CjxoZWFkPgo8c2NyaXB0PgpmdW5jdGlvbiBwcmludChtZXNzYWdlKSB7CiAgICB2YXIg cGFyYWdyYXBoID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgicCIpOwogICAgcGFyYWdyYXBoLmFw cGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKG1lc3NhZ2UpKTsKICAgIGRvY3VtZW50 LmdldEVsZW1lbnRCeUlkKCJjb25zb2xlIikuYXBwZW5kQ2hpbGQocGFyYWdyYXBoKTsKfQoKZnVu Y3Rpb24gdGVzdCgpIHsKICAgIGlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKICAg ICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CiAgICB9CiAgICAKICAgIHZh ciBvID0gbmV3IE9iamVjdCgpOwogICAgby5fX3Byb3RvX18uY3Jhc2ggPSBEYXRlLnByb3RvdHlw ZS5nZXREYXRlOwogICAgby5jcmFzaCgpOwp9Cjwvc2NyaXB0Pgo8L2hlYWQ+Cjxib2R5IG9ubG9h ZD0idGVzdCgpOyI+CjxwPlRoaXMgdGVzdCBjaGVja3MgZm9yIGEgcmVncmVzc2lvbiBhZ2FpbnN0 IDxpPl9fX19fPC9pPi48L3A+CjxwPklmIHRoZSB0ZXN0IHBhc3NlcywgeW91IHdpbGwgc2VlIF9f X19fIGJlbG93LjwvcD4KPGhyPgo8ZGl2IGlkPSdjb25zb2xlJy8+CjwvYm9keT4KPC9odG1sPgo= 5651 2006-01-13 17:51:50 -0800 2006-01-13 22:52:08 -0800 Fix patch-date-proto-crash.txt text/plain 4289 ggaren SW5kZXg6IEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEyMDgyKQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMDYtMDEtMTMgIEdlb2ZmcmV5 IEdhcmVuICA8Z2dhcmVuQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICAtIEZpeGVkIGh0dHA6Ly9idWd6aWxsYS5vcGVuZGFyd2luLm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9NjMyMgorICAgICAgICBEYXRlUHJvdG9GdW5jSW1wOjpjYWxsQXNG dW5jdGlvbiBjYW4gY3Jhc2ggZHVlIHRvIGxhY2sgb2YgdHlwZSBjaGVja2luZworCisgICAgICAg ICoga2pzL2RhdGVfb2JqZWN0LmNwcDoKKyAgICAgICAgKEtKUzo6RGF0ZVByb3RvRnVuYzo6Y2Fs bEFzRnVuY3Rpb24pOiBUeXBlIGNoZWNrIGNhbGxzIHRvIGFsbCBtZXRob2RzLiAKKyAgICAgICAg VGhpcyBtYXRjaGVzIHNlY3Rpb24gMTUuOS41IGluIHRoZSBzcGVjLgorCiAyMDA2LTAxLTEzICBN YWtzIE9ybG92aWNoICAgPG1ha3NpbUBrZGUub3JnPgogCiAgICAgICAgIE1vc3RseSBtZXJnaW5n IHdvcmsgYnkgUGV0ZXIgS2VsbHkuIFJldmlld2VkIGJ5IE1hY2llaiwgbGFuZGVkIGJ5IGFwLgpJ bmRleDogSmF2YVNjcmlwdENvcmUva2pzL2RhdGVfb2JqZWN0LmNwcAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBK YXZhU2NyaXB0Q29yZS9ranMvZGF0ZV9vYmplY3QuY3BwCShyZXZpc2lvbiAxMjAwMikKKysrIEph dmFTY3JpcHRDb3JlL2tqcy9kYXRlX29iamVjdC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQ4OCwx NSArNDg4LDggQEAgc3RhdGljIGJvb2wgaXNUaW1lX3RTaWduZWQoKQogCiBKU1ZhbHVlICpEYXRl UHJvdG9GdW5jOjpjYWxsQXNGdW5jdGlvbihFeGVjU3RhdGUgKmV4ZWMsIEpTT2JqZWN0ICp0aGlz T2JqLCBjb25zdCBMaXN0ICZhcmdzKQogewotICBpZiAoKGlkID09IFRvU3RyaW5nIHx8IGlkID09 IFZhbHVlT2YgfHwgaWQgPT0gR2V0VGltZSB8fCBpZCA9PSBTZXRUaW1lKSAmJgotICAgICAgIXRo aXNPYmotPmluaGVyaXRzKCZEYXRlSW5zdGFuY2U6OmluZm8pKSB7Ci0gICAgLy8gbm9uLWdlbmVy aWMgZnVuY3Rpb24gY2FsbGVkIG9uIG5vbi1kYXRlIG9iamVjdAotCi0gICAgLy8gVG9TdHJpbmcg YW5kIFZhbHVlT2YgYXJlIGdlbmVyaWMgYWNjb3JkaW5nIHRvIHRoZSBzcGVjLCBidXQgdGhlIG1v emlsbGEKLSAgICAvLyB0ZXN0cyBzdWdnZXN0IG90aGVyd2lzZS4uLgorICBpZiAoIXRoaXNPYmot PmluaGVyaXRzKCZEYXRlSW5zdGFuY2U6OmluZm8pKQogICAgIHJldHVybiB0aHJvd0Vycm9yKGV4 ZWMsIFR5cGVFcnJvcik7Ci0gIH0KLQogCiAgIEpTVmFsdWUgKnJlc3VsdCA9IDA7CiAgIFVTdHJp bmcgczsKSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRU ZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDEyMDgyKQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9n CSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMDYtMDEtMTMgIEdlb2ZmcmV5IEdh cmVuICA8Z2dhcmVuQGFwcGxlLmNvbT4KKworICAgICAgICAtIEFkZGVkIGxheW91dCB0ZXN0IGZv ciAKKyAgICAgICAgaHR0cDovL2J1Z3ppbGxhLm9wZW5kYXJ3aW4ub3JnL3Nob3dfYnVnLmNnaT9p ZD02MzIyCisgICAgICAgIERhdGVQcm90b0Z1bmNJbXA6OmNhbGxBc0Z1bmN0aW9uIGNhbiBjcmFz aCBkdWUgdG8gbGFjayBvZiB0eXBlIGNoZWNraW5nCisKKyAgICAgICAgKiBmYXN0L2pzL2RhdGUt cHJvdG8tZ2VuZXJpYy1pbnZvY2F0aW9uLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICog ZmFzdC9qcy9kYXRlLXByb3RvLWdlbmVyaWMtaW52b2NhdGlvbi5odG1sOiBBZGRlZC4KKyAgICAg ICAgKiBmYXN0L2pzL3Jlc291cmNlcy9kYXRlLXByb3RvLWdlbmVyaWMtaW52b2NhdGlvbi5qczog QWRkZWQuCisKIDIwMDYtMDEtMTMgIEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEBueXBvcC5jb20+ CiAKICAgICAgICAgQmFzZWQgb24gdGVzdCBjYXNlIHByb3ZpZGVkIGJ5IE1ha3MgT3Jsb3ZpY2gu IFJldmlld2VkIGJ5IE1hY2llai4KSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvanMvZGF0ZS1wcm90 by1nZW5lcmljLWludm9jYXRpb24tZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRl c3RzL2Zhc3QvanMvZGF0ZS1wcm90by1nZW5lcmljLWludm9jYXRpb24tZXhwZWN0ZWQudHh0CShy ZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9qcy9kYXRlLXByb3RvLWdlbmVyaWMtaW52 b2NhdGlvbi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTAgQEAKK1RoaXMg dGVzdCB2ZXJpZmllcyB0aGF0IHRoZSBmdW5jdGlvbnMgb2YgdGhlIERhdGUgcHJvdG90eXBlIG9i amVjdCBhcmUgbm90IGdlbmVyaWMsIGFzIGRvY3VtZW50ZWQgaW4gRUNNQS0yNjIgcmV2MyBzZWN0 aW9uIDE1LjkuNSBQcm9wZXJ0aWVzIG9mIHRoZSBEYXRlIFByb3RvdHlwZSBPYmplY3QuCisKK09u IHN1Y2Nlc3MsIHlvdSB3aWxsIHNlZSBhIHNlcmllcyBvZiAiUEFTUyIgbWVzc2FnZXMsIGZvbGxv d2VkIGJ5ICJURVNUIENPTVBMRVRFIi4KKworCitQQVNTIG8uY3Jhc2goKSB0aHJldyBleGNlcHRp b24gVHlwZUVycm9yOiBUeXBlIGVycm9yLgorUEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1 ZQorCitURVNUIENPTVBMRVRFCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvanMvZGF0ZS1wcm90 by1nZW5lcmljLWludm9jYXRpb24uaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0 L2pzL2RhdGUtcHJvdG8tZ2VuZXJpYy1pbnZvY2F0aW9uLmh0bWwJKHJldmlzaW9uIDApCisrKyBM YXlvdXRUZXN0cy9mYXN0L2pzL2RhdGUtcHJvdG8tZ2VuZXJpYy1pbnZvY2F0aW9uLmh0bWwJKHJl dmlzaW9uIDApCkBAIC0wLDAgKzEsMTMgQEAKKzwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vSUVU Ri8vRFREIEhUTUwvL0VOIj4KKzxodG1sPgorPGhlYWQ+Cis8bGluayByZWw9InN0eWxlc2hlZXQi IGhyZWY9InJlc291cmNlcy9qcy10ZXN0LXN0eWxlLmNzcyI+Cis8c2NyaXB0IHNyYz0icmVzb3Vy Y2VzL2pzLXRlc3QtcHJlLmpzIj48L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5PgorPHAgaWQ9ImRl c2NyaXB0aW9uIj48L3A+Cis8ZGl2IGlkPSJjb25zb2xlIj48L2Rpdj4KKzxzY3JpcHQgc3JjPSJy ZXNvdXJjZXMvZGF0ZS1wcm90by1nZW5lcmljLWludm9jYXRpb24uanMiPjwvc2NyaXB0PgorPHNj cmlwdCBzcmM9InJlc291cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0PgorPC9ib2R5Pgor PC9odG1sPgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9qcy9yZXNvdXJjZXMvZGF0ZS1wcm90by1n ZW5lcmljLWludm9jYXRpb24uanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9qcy9y ZXNvdXJjZXMvZGF0ZS1wcm90by1nZW5lcmljLWludm9jYXRpb24uanMJKHJldmlzaW9uIDApCisr KyBMYXlvdXRUZXN0cy9mYXN0L2pzL3Jlc291cmNlcy9kYXRlLXByb3RvLWdlbmVyaWMtaW52b2Nh dGlvbi5qcwkocmV2aXNpb24gMCkKQEAgLTAsMCArMSw3IEBACitkZXNjcmlwdGlvbigiVGhpcyB0 ZXN0IHZlcmlmaWVzIHRoYXQgdGhlIGZ1bmN0aW9ucyBvZiB0aGUgRGF0ZSBwcm90b3R5cGUgb2Jq ZWN0IGFyZSBub3QgZ2VuZXJpYywgYXMgZG9jdW1lbnRlZCBpbiBFQ01BLTI2MiByZXYzIHNlY3Rp b24gMTUuOS41IFByb3BlcnRpZXMgb2YgdGhlIERhdGUgUHJvdG90eXBlIE9iamVjdC4iKTsKKwor dmFyIG8gPSBuZXcgT2JqZWN0KCk7CitvLl9fcHJvdG9fXy5jcmFzaCA9IERhdGUucHJvdG90eXBl LmdldERhdGU7CitzaG91bGRUaHJvdygnby5jcmFzaCgpJyk7CisKK3ZhciBzdWNjZXNzZnVsbHlQ YXJzZWQgPSB0cnVlOwo=