Bug 130279

Summary: Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, ggaren, mhahnenberg, mmirman, msaboff, oliver
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
the patch. fpizlo: review+

Description Mark Lam 2014-03-14 19:22:38 PDT
If neither the getter nor the setter is defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected.  However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM.  Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM.

The reason is that objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue.  The fix is to add the appropriate null checks.

ref: <rdar://problem/16316505>
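A regression check for the accessor states described in the report above, as an added example that is not part of the original bug report or WebKit's own test suite. The function names (makeCases, probe, runChecks) are hypothetical; the expected results follow the behaviour the report calls "as expected", extended to a plain data property and an inherited accessor.

```javascript
// Added example, not WebKit's test: exercise __lookupGetter__ and
// __lookupSetter__ for every accessor state. On a fixed engine each
// lookup returns the accessor function or undefined and never crashes.
function makeCases() {
  const getter = function () { return 1; };
  const setter = function (value) {};
  const getterOnly = {};
  Object.defineProperty(getterOnly, "p", { get: getter, configurable: true });
  const setterOnly = {};
  Object.defineProperty(setterOnly, "p", { set: setter, configurable: true });
  const both = {};
  Object.defineProperty(both, "p", { get: getter, set: setter, configurable: true });
  const cases = {
    neither: {},                           // no property at all
    getterOnly,                            // the state that crashed __lookupSetter__
    setterOnly,                            // the state that crashed __lookupGetter__
    both,
    dataProp: { p: 42 },                   // plain value, no accessor pair
    inherited: Object.create(getterOnly),  // accessor found on the prototype
  };
  return { getter, setter, cases };
}

// Return what the two legacy lookup methods report for one property.
function probe(obj, name) {
  return { getter: obj.__lookupGetter__(name), setter: obj.__lookupSetter__(name) };
}

// Compare every case against its expected result; return failing labels.
function runChecks() {
  const { getter, setter, cases } = makeCases();
  const expected = {
    neither: { getter: undefined, setter: undefined },
    getterOnly: { getter: getter, setter: undefined },
    setterOnly: { getter: undefined, setter: setter },
    both: { getter: getter, setter: setter },
    dataProp: { getter: undefined, setter: undefined },
    inherited: { getter: getter, setter: undefined },
  };
  const failures = [];
  for (const [label, obj] of Object.entries(cases)) {
    const got = probe(obj, "p");
    for (const kind of ["getter", "setter"]) {
      if (got[kind] !== expected[label][kind]) failures.push(label + "." + kind);
    }
  }
  return failures;
}
```

An empty array from runChecks() means every state behaved as expected; on an affected build the getterOnly or setterOnly case would take the VM down before the function returns.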
Comment 1 Mark Lam 2014-03-14 19:29:01 PDT
Created attachment 226794
the patch.
Comment 2 Filip Pizlo 2014-03-14 19:52:28 PDT
Comment on attachment 226794
the patch.

Awesome.
Comment 3 Mark Lam 2014-03-14 23:31:48 PDT
Thanks for the review.  Landed in r165680: <http://trac.webkit.org/r165680>.