Bug 154416

Summary:

JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow

Product:

WebKit

Reporter:

Gavin Barraclough <barraclough>

Component:

JavaScriptCore

Assignee:

Gavin Barraclough <barraclough>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

buildbot, commit-queue, keith_miller, mark.lam, msaboff, rniwa, saam

Priority:

Version:

Other

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Fix	none
Fix	buildbot: commit-queue-
Archive of layout-test-results from ews101 for mac-yosemite	none
Archive of layout-test-results from ews105 for mac-yosemite-wk2	none
Archive of layout-test-results from ews113 for mac-yosemite	none
Fix	buildbot: commit-queue-
Archive of layout-test-results from ews107 for mac-yosemite-wk2	none
Archive of layout-test-results from ews103 for mac-yosemite	none
Archive of layout-test-results from ews116 for mac-yosemite	none
Fix	ggaren: review+

Gavin Barraclough

Reported 2016-02-18 14:17:22 PST

Here's the bug. Suppose you call JSObject::getOwnProperty and: * PropertyName contains an index * An object on the prototype chain overrides getOwnPropertySlot, and has that index property * The base of the access (or another object on the prototype chain) shadows that property JSObject::getPropertySlot is written assuming the common case is that propertyName is not an index, and as such walks up the prototype chain looking for non-index properties before it tries calling parseIndex. At the point we reach an object on the prototype chain overriding getOwnPropertySlot (which would potentially return the property) we may have already skipped over non-overriding objects that contain the property in index storage.

Attachments
Fix (12.68 KB, patch) 2016-02-18 14:27 PST, Gavin Barraclough	no flags	Details Formatted Diff Diff
Fix (12.79 KB, patch) 2016-02-18 14:44 PST, Gavin Barraclough	buildbot: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews101 for mac-yosemite (1.13 MB, application/zip) 2016-02-18 15:40 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews105 for mac-yosemite-wk2 (1.08 MB, application/zip) 2016-02-18 15:43 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews113 for mac-yosemite (864.11 KB, application/zip) 2016-02-18 15:52 PST, Build Bot	no flags	Details
Fix (13.68 KB, patch) 2016-02-19 11:20 PST, Gavin Barraclough	buildbot: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews107 for mac-yosemite-wk2 (11.54 MB, application/zip) 2016-02-19 12:16 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews103 for mac-yosemite (11.81 MB, application/zip) 2016-02-19 12:18 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews116 for mac-yosemite (12.94 MB, application/zip) 2016-02-19 12:31 PST, Build Bot	no flags	Details
Fix (12.78 KB, patch) 2016-02-19 16:46 PST, Gavin Barraclough	ggaren: review+	Details Formatted Diff Diff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.

Gavin Barraclough

Comment 1 2016-02-18 14:27:20 PST

Created attachment 271696 [details] Fix

Gavin Barraclough

Comment 2 2016-02-18 14:44:55 PST

Created attachment 271697 [details] Fix

WebKit Commit Bot

Comment 3 2016-02-18 14:46:12 PST

Attachment 271697 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:9: Need whitespace between colon and description [changelog/filechangedescriptionwhitespace] [5] ERROR: Source/JavaScriptCore/ChangeLog:10: Need whitespace between colon and description [changelog/filechangedescriptionwhitespace] [5] ERROR: Source/JavaScriptCore/ChangeLog:11: Need whitespace between colon and description [changelog/filechangedescriptionwhitespace] [5] ERROR: Source/JavaScriptCore/runtime/JSObject.h:861: The parameter name "propertyName" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 4 in 8 files If any of these errors are false positives, please file a bug against check-webkit-style.

Build Bot

Comment 4 2016-02-18 15:40:15 PST

Comment on attachment 271697 [details] Fix Attachment 271697 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/851606 New failing tests: streams/reference-implementation/abstract-ops.html

Build Bot

Comment 5 2016-02-18 15:40:18 PST

Created attachment 271704 [details] Archive of layout-test-results from ews101 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5

Build Bot

Comment 6 2016-02-18 15:43:03 PST

Comment on attachment 271697 [details] Fix Attachment 271697 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/851608 New failing tests: streams/reference-implementation/abstract-ops.html

Build Bot

Comment 7 2016-02-18 15:43:05 PST

Created attachment 271706 [details] Archive of layout-test-results from ews105 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5

Build Bot

Comment 8 2016-02-18 15:52:16 PST

Comment on attachment 271697 [details] Fix Attachment 271697 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/851626 New failing tests: streams/reference-implementation/abstract-ops.html

Build Bot

Comment 9 2016-02-18 15:52:19 PST

Created attachment 271708 [details] Archive of layout-test-results from ews113 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-yosemite Platform: Mac OS X 10.10.5

Gavin Barraclough

Comment 10 2016-02-19 11:20:47 PST

Created attachment 271766 [details] Fix

Build Bot

Comment 11 2016-02-19 12:16:51 PST

Comment on attachment 271766 [details] Fix Attachment 271766 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/855539 Number of test failures exceeded the failure limit.

Build Bot

Comment 12 2016-02-19 12:16:55 PST

Created attachment 271774 [details] Archive of layout-test-results from ews107 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5

Build Bot

Comment 13 2016-02-19 12:18:01 PST

Comment on attachment 271766 [details] Fix Attachment 271766 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/855552 Number of test failures exceeded the failure limit.

Build Bot

Comment 14 2016-02-19 12:18:04 PST

Created attachment 271775 [details] Archive of layout-test-results from ews103 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-yosemite Platform: Mac OS X 10.10.5

Build Bot

Comment 15 2016-02-19 12:30:56 PST

Comment on attachment 271766 [details] Fix Attachment 271766 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/855569 Number of test failures exceeded the failure limit.

Build Bot

Comment 16 2016-02-19 12:31:00 PST

Created attachment 271777 [details] Archive of layout-test-results from ews116 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-yosemite Platform: Mac OS X 10.10.5

Gavin Barraclough

Comment 17 2016-02-19 16:46:29 PST

Created attachment 271819 [details] Fix

Geoffrey Garen

Comment 18 2016-02-19 17:26:16 PST

Comment on attachment 271819 [details] Fix r=me

Gavin Barraclough

Comment 19 2016-02-19 17:51:54 PST

Committed revision 196849.

Note You need to log in before you can comment on or make changes to this bug.