| Summary: | A "cached" null setter should throw a TypeException when called in strict mode and doesn't | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Saboff <msaboff> |
| Component: | JavaScriptCore | Assignee: | Michael Saboff <msaboff> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | Keywords: | InRadar |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | All | | |
| OS: | All | | |
| Bug Depends on: | 139229 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Michael Saboff
2014-12-08 15:29:25 PST
Created attachment 242855
Test to demonstrate issue

Created attachment 244949
Patch

Comment on attachment 244949
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=244949&action=review

r+ modulo style

> Source/JavaScriptCore/runtime/NullSetterFunction.h:27
> +#ifndef NullSetterFunction_h
> +#define NullSetterFunction_h

Remove the extra space.

Committed r178696: <http://trac.webkit.org/changeset/178696>

Comment on attachment 244949
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=244949&action=review

> Source/JavaScriptCore/runtime/NullSetterFunction.cpp:96
> +ConstructType NullSetterFunction::getConstructData(JSCell*, ConstructData& constructData)
> +{
> + constructData.native.function = constructReturnUndefined;
> + return ConstructTypeHost;
> +}

This looks wrong. A setter can't be called as a constructor, can it? I don't think your test covers this case, either. You should probably remove the constructor path.

(In reply to comment #6)
> Comment on attachment 244949
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=244949&action=review
>
> > Source/JavaScriptCore/runtime/NullSetterFunction.cpp:96
> > +ConstructType NullSetterFunction::getConstructData(JSCell*, ConstructData& constructData)
> > +{
> > + constructData.native.function = constructReturnUndefined;
> > + return ConstructTypeHost;
> > +}
>
> This looks wrong. A setter can't be called as a constructor, can it? I don't
> think your test covers this case, either. You should probably remove the
> constructor path.

Filed <https://bugs.webkit.org/show_bug.cgi?id=140708> - "Eliminate construct methods from NullGetterFunction and NullSetterFunction classes" to track removing the constructor path.
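
Review bot: In the NullSetterFunction::getConstructData lines quoted from NullSetterFunction.cpp:96, returning ConstructTypeHost with constructReturnUndefined installed reports the null setter as constructible, which sits oddly with a change whose purpose is to make misuse of the setter throw. Report ConstructTypeNone there instead of wiring up a host constructor, or drop the construct path as bug 140708 proposes; if the path stays, it needs a test, since the review above notes the attached test does not cover it.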