| Summary: | eval("this.foo") causes a crash if this had not been initialized in a derived class's constructor | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | JavaScriptCore | Assignee: | Ryosuke Niwa <rniwa> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | ap, benjamin, bfulgham, commit-queue, fpizlo, ggaren, joepeck, mark.lam, msaboff |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Bug Depends on: | | | |
| Bug Blocks: | 140491 | | |
Created attachment 249655
WIP

Created attachment 249795
Fixes the crash

Attachment 249795 did not pass style-queue:
ERROR: Source/JavaScriptCore/parser/Parser.cpp:212: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4]
Total errors found: 1 in 21 files
If any of these errors are false positives, please file a bug against check-webkit-style.

Comment on attachment 249795
Fixes the crash
Nice!

Committed r182198: <http://trac.webkit.org/changeset/182198>

Did this patch cause the below failures on Windows? The bot was broken due to r182200 at first, so the range is somewhat long - but I don't see anything else related checked in recently.

https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r182213%20(65485)/results.html

(In reply to comment #6)
> Did this patch cause the below failures on Windows? The bot was broken due
> to r182200 at first, so the range is somewhat long - but I don't see
> anything else related checked in recently.
>
> https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/
> r182213%20(65485)/results.html

Seems unlikely as the code only runs when class syntax is used.

class B extends class {} { constructor() { eval("this.foo"); super(); } }
new B;
print("PASS");

results in a crash because we fail to emit a TDZ check.
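
The behaviour a TDZ check on `this` is expected to produce, as an added example that is not part of the bug report or of WebKit's test suite: on a spec-compliant engine every read of `this` before `super()` in a derived constructor, including through direct `eval`, throws a ReferenceError. The names `Base`, `probes`, `outcome`, `checkAll` and `afterSuper` are chosen here for illustration.

```javascript
// Added example: regression-style check for the TDZ on `this` in derived constructors.
class Base {
  constructor() { this.foo = 42; }
}

// Each probe builds a derived class that touches `this` before super() in a
// different way. All of them must hit the TDZ check and throw ReferenceError.
const probes = {
  direct: () => class extends Base {
    constructor() { this.foo; super(); }
  },
  directEval: () => class extends Base {
    constructor() { eval("this.foo"); super(); }   // the case from this report
  },
  arrow: () => class extends Base {
    constructor() { (() => this.foo)(); super(); }
  },
  evalInArrow: () => class extends Base {
    constructor() { (() => eval("this.foo"))(); super(); }
  },
};

// Construct an instance and report the error type (or "no error").
function outcome(makeClass) {
  try {
    new (makeClass())();
    return "no error";
  } catch (e) {
    return e.constructor.name;
  }
}

// Run every probe and collect its outcome by name.
function checkAll() {
  const results = {};
  for (const [name, make] of Object.entries(probes)) {
    results[name] = outcome(make);
  }
  return results;
}

// Control case: after super() has run, the same eval reads the property normally.
function afterSuper() {
  class Derived extends Base {
    constructor() { super(); this.seen = eval("this.foo"); }
  }
  return new Derived().seen;
}

console.log(checkAll(), afterSuper());
```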