Bug 130279

Summary:

Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined

Product:

WebKit

Reporter:

Mark Lam <mark.lam>

Component:

JavaScriptCore

Assignee:

Mark Lam <mark.lam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

fpizlo, ggaren, mhahnenberg, mmirman, msaboff, oliver

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
the patch.	fpizlo: review+

Description Mark Lam 2014-03-14 19:22:38 PDT

If both the getter nor setter are not defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected.  However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM.  Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM.

The reason is because objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue.  The fix is to add the appropriate null checks.

ref: <rdar://problem/16316505>

Comment 1 Mark Lam 2014-03-14 19:29:01 PDT

Created attachment 226794 [details]
the patch.

Comment 2 Filip Pizlo 2014-03-14 19:52:28 PDT

Comment on attachment 226794 [details]
the patch.

Awesome.

Comment 3 Mark Lam 2014-03-14 23:31:48 PDT

Thanks for the review.  Landed in r165680: <http://trac.webkit.org/r165680>.