Bug 130279

Summary: Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, ggaren, mhahnenberg, mmirman, msaboff, oliver
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
the patch. fpizlo: review+

Mark Lam
Reported 2014-03-14 19:22:38 PDT
If neither the getter nor the setter is defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected. However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM. Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM. The reason is that objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue. The fix is to add the appropriate null checks. ref: <rdar://problem/16316505>
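The cases described in the report, written as a regression check. This is an added example, not the test from the attached patch; the object names, the property name `p`, and the helper functions are constructed for illustration. It also covers an inherited accessor and a plain data property, which go beyond the cases the report lists.

```javascript
// Added regression check (not the test shipped with the WebKit patch).
// All names below are hypothetical and exist only for this example.

// Reference result: walk the prototype chain and read the first matching
// descriptor, which is the value the two lookup functions should return.
function expectedAccessor(obj, key, which) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const desc = Object.getOwnPropertyDescriptor(o, key);
    // A missing half of an accessor, or a data property, yields undefined.
    if (desc) return desc[which];
  }
  return undefined;
}

// One object per accessor configuration named in the report, plus two extras.
function makeCases() {
  const getter = function () { return 1; };
  const setter = function (v) {};
  const define = (attrs) =>
    Object.defineProperty({}, "p", Object.assign({ configurable: true }, attrs));
  const getterOnly = define({ get: getter });
  return {
    neither: {},                                    // no property at all
    getterOnly: getterOnly,                         // setter half is absent
    setterOnly: define({ set: setter }),            // getter half is absent
    both: define({ get: getter, set: setter }),
    inheritedGetterOnly: Object.create(getterOnly), // accessor found on prototype
    dataProperty: { p: 42 },                        // not an accessor
  };
}

// Returns the list of "case.half" lookups whose result differs from the
// descriptor-based reference. An empty list means every lookup returned
// either the right function or undefined.
function checkLookups() {
  const failures = [];
  for (const [name, obj] of Object.entries(makeCases())) {
    const got = { get: obj.__lookupGetter__("p"), set: obj.__lookupSetter__("p") };
    for (const which of ["get", "set"]) {
      if (got[which] !== expectedAccessor(obj, "p", which)) {
        failures.push(name + "." + which);
      }
    }
  }
  return failures;
}

console.log(checkLookups());
```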
Attachments
the patch. (5.24 KB, patch)
2014-03-14 19:29 PDT, Mark Lam
fpizlo: review+
Mark Lam
Comment 1 2014-03-14 19:29:01 PDT
Created attachment 226794: the patch.
Filip Pizlo
Comment 2 2014-03-14 19:52:28 PDT
Comment on attachment 226794: the patch.

Awesome.
Mark Lam
Comment 3 2014-03-14 23:31:48 PDT
Thanks for the review. Landed in r165680: <http://trac.webkit.org/r165680>.