Bug 17925

Summary: Crash in KJS::JSObject::put after setting this.__proto__
Product: WebKit Reporter: Jesse Ruderman <jruderman>
Component: JavaScriptCoreAssignee: Mark Rowe (bdash) <mrowe>
Status: RESOLVED FIXED    
Severity: Critical CC: eric, mjs
Priority: P2 Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 13638    

Jesse Ruderman
Reported 2008-03-18 16:33:37 PDT
Feeding this script to ToT Release/testkjs makes it crash. this.__proto__ = 1; r = 2;
Attachments
Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2008-03-18 16:52:54 PDT
<rdar://problem/5806428>
Mark Rowe (bdash)
Comment 2 2008-03-18 18:51:03 PDT
Fixed in r31145.
Anders Carlsson
Comment 3 2008-05-27 16:04:59 PDT
Reopening this since it still happens.
Anders Carlsson
Comment 4 2008-05-27 17:46:53 PDT
Committed revision 34160.
Note You need to log in before you can comment on or make changes to this bug.