Bug 154403
Summary: | ASSERT on SES selftest page when loading the page while WebInspector is open in debug builds | | |
---|---|---|---|
Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
Component: | Web Inspector | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED DUPLICATE | | |
Severity: | Normal | CC: | bburg, graouts, joepeck, mattbaker, nvasilyev, timothy, webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | WebKit Nightly Build | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
URL: | https://rawgit.com/tvcutsem/es-lab/master/src/ses/contract.html | | |
Chris Dumez
Crash on SES selftest page when loading the page while WebInspector is open in debug builds:
https://rawgit.com/tvcutsem/es-lab/master/src/ses/contract.html
Trace:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note: EXC_CORPSE_NOTIFY
VM Regions Near 0xbbadbeef:
-->
__TEXT 000000010f456000-000000010f458000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Application Specific Information:
Bundle controller class:
BrowserBundleController
Process Model:
Multiple Web Processes
Global Trace Buffer (reverse chronological seconds):
88.533547 CFNetwork 0x00007fff8f681d29 Explicitly setting CF cookie storage singleton
88.533865 CFNetwork 0x00007fff8f6b8621 Explicitly setting cookie storage singleton
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000011399e487 WTFCrash + 39 (Assertions.cpp:322)
1 com.apple.JavaScriptCore 0x00000001133097f7 Inspector::InjectedScriptBase::makeCall(Deprecated::ScriptFunctionCall&, WTF::RefPtr<Inspector::InspectorValue>*) + 183 (InjectedScriptBase.cpp:98)
2 com.apple.JavaScriptCore 0x0000000113305a0d Inspector::InjectedScript::getDisplayableProperties(WTF::String&, WTF::String const&, bool, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >*) + 253 (InjectedScript.cpp:136)
3 com.apple.JavaScriptCore 0x000000011339d9cb Inspector::InspectorRuntimeAgent::getDisplayableProperties(WTF::String&, WTF::String const&, bool const*, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >&, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::InternalPropertyDescriptor> >&) + 283 (InspectorRuntimeAgent.cpp:192)
4 com.apple.JavaScriptCore 0x000000011339daba non-virtual thunk to Inspector::InspectorRuntimeAgent::getDisplayableProperties(WTF::String&, WTF::String const&, bool const*, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >&, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::InternalPropertyDescriptor> >&) + 90 (InspectorRuntimeAgent.cpp:180)
5 com.apple.JavaScriptCore 0x000000011334887e Inspector::RuntimeBackendDispatcher::getDisplayableProperties(long, WTF::RefPtr<Inspector::InspectorObject>&&) + 718 (InspectorBackendDispatchers.cpp:5154)
6 com.apple.JavaScriptCore 0x0000000113346476 Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) + 886 (InspectorBackendDispatchers.cpp:4970)
7 com.apple.JavaScriptCore 0x0000000113317950 Inspector::BackendDispatcher::dispatch(WTF::String const&) + 2000 (InspectorBackendDispatcher.cpp:181)
8 com.apple.WebCore 0x000000011698651f WebCore::InspectorController::dispatchMessageFromFrontend(WTF::String const&) + 47 (InspectorController.cpp:386)
9 com.apple.WebKit 0x000000010fc07243 WebKit::WebInspector::sendMessageToBackend(WTF::String const&) + 83 (WebInspector.cpp:252)
10 com.apple.WebKit 0x000000010fc1435f void IPC::callMemberFunctionImpl<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, 0ul>(WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>&&, std::index_sequence<0ul>) + 159 (HandleMessage.h:17)
11 com.apple.WebKit 0x000000010fc142b8 void IPC::callMemberFunction<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, std::make_index_sequence<1ul> >(std::__1::tuple<WTF::String>&&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) + 88 (HandleMessage.h:23)
12 com.apple.WebKit 0x000000010fc13ed0 void IPC::handleMessage<Messages::WebInspector::SendMessageToBackend, WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&)>(IPC::MessageDecoder&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) + 240 (HandleMessage.h:93)
13 com.apple.WebKit 0x000000010fc1339a WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 1306 (WebInspectorMessageReceiver.cpp:77)
14 com.apple.WebKit 0x000000010fc13407 non-virtual thunk to WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 55 (WebInspectorMessageReceiver.cpp:37)
15 com.apple.WebKit 0x000000010f5174d3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:892)
16 com.apple.WebKit 0x000000010f50e351 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:924)
17 com.apple.WebKit 0x000000010f517acf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:953)
18 com.apple.WebKit 0x000000010f528e3d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:886)
19 com.apple.WebKit 0x000000010f528e0d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
20 com.apple.WebKit 0x000000010f528c5c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
21 com.apple.JavaScriptCore 0x00000001132e2cda std::__1::function<void ()>::operator()() const + 26 (functional:1793)
22 com.apple.JavaScriptCore 0x00000001139e8272 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
23 com.apple.JavaScriptCore 0x00000001139e8a94 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
24 com.apple.CoreFoundation 0x00007fff985275c1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
25 com.apple.CoreFoundation 0x00007fff9851941c __CFRunLoopDoSources0 + 556
26 com.apple.CoreFoundation 0x00007fff9851893f __CFRunLoopRun + 927
27 com.apple.CoreFoundation 0x00007fff98518338 CFRunLoopRunSpecific + 296
28 com.apple.HIToolbox 0x00007fff9a7e4935 RunCurrentEventLoopInMode + 235
29 com.apple.HIToolbox 0x00007fff9a7e476f ReceiveNextEventCommon + 432
30 com.apple.HIToolbox 0x00007fff9a7e45af _BlockUntilNextEventMatchingListInModeWithFilter + 71
31 com.apple.AppKit 0x00007fff938cd0ee _DPSNextEvent + 1067
32 com.apple.AppKit 0x00007fff93c99943 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
33 com.apple.WebCore 0x000000011631542a WebCore::EventLoop::cycle() + 138 (EventLoopMac.mm:34)
34 com.apple.WebCore 0x00000001174d2611 WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal() + 97 (PageScriptDebugServer.cpp:116)
35 com.apple.WebCore 0x00000001174d25a5 WebCore::PageScriptDebugServer::runEventLoopWhilePaused() + 21 (PageScriptDebugServer.cpp:109)
36 com.apple.JavaScriptCore 0x00000001137dde14 Inspector::ScriptDebugServer::handlePause(JSC::JSGlobalObject*, JSC::Debugger::ReasonForPause) + 116 (ScriptDebugServer.cpp:317)
37 com.apple.JavaScriptCore 0x0000000112dc62fd JSC::Debugger::pauseIfNeeded(JSC::ExecState*) + 637 (Debugger.cpp:660)
38 com.apple.JavaScriptCore 0x0000000112dc65bc JSC::Debugger::updateCallFrameAndPauseIfNeeded(JSC::ExecState*) + 60 (Debugger.cpp:612)
39 com.apple.JavaScriptCore 0x0000000112dc6a54 JSC::Debugger::didReachBreakpoint(JSC::ExecState*) + 100 (Debugger.cpp:767)
40 com.apple.JavaScriptCore 0x00000001133ae20b JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookID) + 347 (Interpreter.cpp:1366)
41 com.apple.JavaScriptCore 0x00000001135ea25b llint_slow_path_debug + 123 (LLIntSlowPaths.cpp:1379)
42 com.apple.JavaScriptCore 0x00000001135f4ec4 llint_entry + 29472
43 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
44 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
45 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
46 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
47 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
48 com.apple.JavaScriptCore 0x00000001135ed98e vmEntryToJavaScript + 334
49 com.apple.JavaScriptCore 0x000000011340e6fa JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80)
50 com.apple.JavaScriptCore 0x00000001133ac7b6 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4518 (Interpreter.cpp:972)
51 com.apple.JavaScriptCore 0x0000000112d97b60 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 480 (Completion.cpp:105)
52 com.apple.JavaScriptCore 0x0000000112d97c9e JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 94 (Completion.cpp:120)
53 com.apple.WebCore 0x00000001179b8beb WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 75 (JSMainThreadExecState.h:80)
54 com.apple.WebCore 0x00000001179b6766 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 326 (ScriptController.cpp:164)
55 com.apple.WebCore 0x00000001179b68cc WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*) + 76 (ScriptController.cpp:180)
56 com.apple.WebCore 0x00000001179c5ccb WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 491 (ScriptElement.cpp:314)
57 com.apple.WebCore 0x00000001179c4bb3 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1731 (ScriptElement.cpp:245)
58 com.apple.WebCore 0x0000000116711f2c WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 364 (HTMLScriptRunner.cpp:304)
59 com.apple.WebCore 0x0000000116711d3a WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 138 (HTMLScriptRunner.cpp:177)
60 com.apple.WebCore 0x0000000116638021 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 289 (HTMLDocumentParser.cpp:195)
61 com.apple.WebCore 0x0000000116638131 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 177 (HTMLDocumentParser.cpp:214)
62 com.apple.WebCore 0x000000011663749f WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 399 (HTMLDocumentParser.cpp:252)
63 com.apple.WebCore 0x00000001166370ce WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 174 (HTMLDocumentParser.cpp:167)
64 com.apple.WebCore 0x000000011663914f WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 383 (HTMLDocumentParser.cpp:488)
65 com.apple.WebCore 0x0000000116639557 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 327 (HTMLDocumentParser.cpp:528)
66 com.apple.WebCore 0x000000011663959f non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 47 (HTMLDocumentParser.cpp:512)
67 com.apple.WebCore 0x0000000115ca7212 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:295)
68 com.apple.WebCore 0x0000000115ca7321 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:313)
69 com.apple.WebCore 0x0000000115cc802e WebCore::CachedScript::finishLoading(WebCore::SharedBuffer*) + 126 (CachedScript.cpp:117)
70 com.apple.WebCore 0x0000000117c9ea54 WebCore::SubresourceLoader::didFinishLoading(double) + 532 (SubresourceLoader.cpp:386)
71 com.apple.WebKit 0x000000010fea6687 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:154)
72 com.apple.WebKit 0x000000010feabbf3 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
73 com.apple.WebKit 0x000000010feabb48 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
74 com.apple.WebKit 0x000000010feaac62 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 226 (HandleMessage.h:93)
75 com.apple.WebKit 0x000000010feaa3dc WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:66)
76 com.apple.WebKit 0x000000010f8638b0 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:60)
77 com.apple.WebKit 0x000000010f5174d3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:892)
78 com.apple.WebKit 0x000000010f50e351 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:924)
79 com.apple.WebKit 0x000000010f517acf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:953)
80 com.apple.WebKit 0x000000010f528e3d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:886)
81 com.apple.WebKit 0x000000010f528e0d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
82 com.apple.WebKit 0x000000010f528c5c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
83 com.apple.JavaScriptCore 0x00000001132e2cda std::__1::function<void ()>::operator()() const + 26 (functional:1793)
84 com.apple.JavaScriptCore 0x00000001139e83ad WTF::RunLoop::performWork() + 621 (RunLoop.cpp:123)
85 com.apple.JavaScriptCore 0x00000001139e8a94 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
86 com.apple.CoreFoundation 0x00007fff985275c1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
87 com.apple.CoreFoundation 0x00007fff9851941c __CFRunLoopDoSources0 + 556
88 com.apple.CoreFoundation 0x00007fff9851893f __CFRunLoopRun + 927
89 com.apple.CoreFoundation 0x00007fff98518338 CFRunLoopRunSpecific + 296
90 com.apple.HIToolbox 0x00007fff9a7e4935 RunCurrentEventLoopInMode + 235
91 com.apple.HIToolbox 0x00007fff9a7e476f ReceiveNextEventCommon + 432
92 com.apple.HIToolbox 0x00007fff9a7e45af _BlockUntilNextEventMatchingListInModeWithFilter + 71
93 com.apple.AppKit 0x00007fff938cd0ee _DPSNextEvent + 1067
94 com.apple.AppKit 0x00007fff93c99943 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
95 com.apple.AppKit 0x00007fff938c2fc8 -[NSApplication run] + 682
96 com.apple.AppKit 0x00007fff93845520 NSApplicationMain + 1176
97 libxpc.dylib 0x00007fff99fcbf6c _xpc_objc_main + 793
98 libxpc.dylib 0x00007fff99fcd6bb xpc_main + 494
99 com.apple.WebKit.WebContent.Development 0x000000010f457110 main + 800 (XPCServiceMain.mm:114)
100 libdyld.dylib 0x00007fff97aed5ad start + 1
Radar WebKit Bug Importer
<rdar://problem/24724611>
Joseph Pecoraro
This is an ASSERT that InjectedScriptSource did not throw an exception, but it did. We've seen this in the past if pages override builtin things (like `Set`).
Timothy Hatcher
Dupe to bug 152294?
Chris Dumez
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
CONSOLE LOG Cannot convert null or undefined to object : contract.html line 217
cajaVM.confine(exprSrc, {fakeUrl: cfakeUrl, nested: cnested}, {
sourceUrl: 'data:,' + encodeURIComponent(exprSrc)
});
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Models/GarbageCollection.js:32:23: CONSOLE ERROR
Joseph Pecoraro
This exception is thrown by user code.
It seems like the page's code overrides `Object.prototype.__proto__`. InjectedScript, traversing the prototype chain using __proto__, encounters an error it doesn't expect caused by this code throwing.
Here is where the TypeError is defined:
> /**
>  * Repairs both getter and setter. If either are vulnerable, I don't
>  * care if the other seemed to pass the test. Better to make them
>  * both safe.
>  */
> function repair_UNDERBAR_PROTO_accessors_USE_GLOBAL() {
>   var gopd = Object.getOwnPropertyDescriptor;
>
>   var oldDesc = gopd(Object.prototype, '__proto__');
>   var oldGetter = oldDesc.get;
>   var oldSetter = oldDesc.set;
>   function newGetter() {
>     if (this === null || this === void 0) {
>       throw new TypeError('Cannot convert null or undefined to object');
>     } else {
>       return oldGetter.call(this);
>     }
>   }
>   function newSetter(newProto) {
>     if (this === null || this === void 0) {
>       throw new TypeError('Cannot convert null or undefined to object');
>     } else {
>       oldSetter.call(this, newProto);
>     }
>   }
>   Object.defineProperty(Object.prototype, '__proto__', {
>     get: oldGetter ? newGetter : void 0,
>     set: oldSetter ? newSetter : void 0
>   });
> }
And here is code that exercises it with a description (there is code exercising the getter and setter)
> /**
>  * Detects https://bugs.webkit.org/show_bug.cgi?id=141865
>  *
>  * <p>On Safari 7.0.5 (9537.77.4), the getter of the
>  * Object.prototype.__proto__ property, if applied to undefined,
>  * acts like a sloppy function would, coercing the undefined to the
>  * global object and returning the global object's [[Prototype]].
>  */
> function test_UNDERBAR_PROTO_GETTER_USES_GLOBAL() {
>   var gopd = Object.getOwnPropertyDescriptor;
>   var getProto = Object.getPrototypeOf;
>
>   var desc = gopd(Object.prototype, '__proto__');
>   if (!desc) { return false; }
>   var getter = desc.get;
>   if (!getter) { return false; }
>   var globalProto = void 0;
>   try {
>     globalProto = getter();
>   } catch (ex) {
>     if (ex instanceof TypeError && globalProto === void 0) {
>       return false;
>     }
>     return 'unexpected error: ' + ex;
>   }
>   if (getProto(global) === globalProto) { return true; }
>   return 'unexpected global.__proto__: ' + globalProto;
> }
That said, I did not investigate what code in InjectedScriptSource encounters this.
I do think moving InjectedScriptSource to a builtin, and using @Object.@getPrototypeOf() instead of __proto__ would probably solve this.
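As an added illustration of the point made in this comment (example code written for this page, not code from the bug report, SES or WebKit): a page installs a `__proto__` accessor in the style of the quoted SES repair, with a call counter and a deliberate throw added so its interference is observable. A prototype-chain walk that reads `.__proto__` runs through the page's accessor and breaks when it throws, while a walk using the intrinsic `Object.getPrototypeOf` never touches it. The example also goes one step beyond the bug and shows the null-prototype case, where `.__proto__` is simply undefined. `installPageProtoAccessor`, `walkViaUnderbarProto`, `walkViaGetPrototypeOf` and `demo` are hypothetical names.

```javascript
'use strict';

// Hypothetical page code: replace the Object.prototype.__proto__ accessor as
// the SES repair does, plus instrumentation so the effect can be observed.
function installPageProtoAccessor(state) {
  const oldDesc = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  const oldGetter = oldDesc.get;
  Object.defineProperty(Object.prototype, '__proto__', {
    configurable: true,
    get() {
      state.getterCalls++;
      if (this === null || this === undefined) {
        throw new TypeError('Cannot convert null or undefined to object');
      }
      if (this === state.throwOn) throw new TypeError('page refuses __proto__');
      return oldGetter.call(this);
    },
    set: oldDesc.set,
  });
  return oldDesc; // original descriptor, so the caller can restore it
}

// Inspector-style traversal that relies on the overridable accessor.
function walkViaUnderbarProto(obj) {
  const chain = [];
  for (let o = obj; o !== null; o = o.__proto__) chain.push(o);
  return chain;
}

// Same traversal via the intrinsic; user-defined accessors are never consulted.
function walkViaGetPrototypeOf(obj) {
  const chain = [];
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) chain.push(o);
  return chain;
}

function demo() {
  const state = { getterCalls: 0, throwOn: null };
  const saved = installPageProtoAccessor(state);
  try {
    const target = Object.create({ a: 1 }); // target -> {a:1} -> Object.prototype -> null
    const naiveChain = walkViaUnderbarProto(target);
    const callsDuringNaive = state.getterCalls;            // one accessor hit per hop
    const before = state.getterCalls;
    const intrinsicChain = walkViaGetPrototypeOf(target);
    const callsDuringIntrinsic = state.getterCalls - before; // intrinsic bypasses it
    state.throwOn = target;                                // page now throws for target
    let naiveError = null;
    try { walkViaUnderbarProto(target); } catch (e) { naiveError = e; }
    const intrinsicStillWorks = walkViaGetPrototypeOf(target).length === 3;
    // Null-prototype objects have no __proto__ accessor: the naive walk reads
    // undefined, steps onto it and dereferences it on the next hop.
    let nullProtoError = null;
    try { walkViaUnderbarProto(Object.create(null)); } catch (e) { nullProtoError = e; }
    const nullProtoIntrinsic = walkViaGetPrototypeOf(Object.create(null)).length;
    return {
      naiveLength: naiveChain.length, callsDuringNaive,
      intrinsicLength: intrinsicChain.length, callsDuringIntrinsic,
      naiveThrows: naiveError instanceof TypeError, intrinsicStillWorks,
      nullProtoNaiveThrows: nullProtoError instanceof TypeError, nullProtoIntrinsic,
    };
  } finally {
    Object.defineProperty(Object.prototype, '__proto__', saved); // undo the page's change
  }
}
```

Restoring the saved descriptor in `finally` matters because the accessor is process-global; leaving it patched would affect everything else in the runtime.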
Timothy Hatcher
*** This bug has been marked as a duplicate of bug 152294 ***