Bug 196617

Summary: [JSC] DFG should respect node's strict flag
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch saam: review+

Description Yusuke Suzuki 2019-04-04 12:13:29 PDT 
...
Comment 1 Yusuke Suzuki 2019-04-07 03:26:03 PDT 
Seems like a DFG bug. Looking into it.
Comment 2 Yusuke Suzuki 2019-04-08 18:35:35 PDT 
Found the bug. DFGSpeculativeJIT has some code like, `m_jit.codeBlock()->isStrictMode()`. This is obviously wrong since it does not consider inlined CodeBlocks.
Comment 3 Yusuke Suzuki 2019-04-08 19:23:34 PDT 
Created attachment 367014 [details]
Patch
Comment 4 EWS Watchlist 2019-04-08 19:27:13 PDT 
Attachment 367014 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/ChangeLog:13:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer  [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 14 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 5 Saam Barati 2019-04-08 20:15:55 PDT 
Comment on attachment 367014 [details]
Patch

r=me
Comment 6 Yusuke Suzuki 2019-04-08 20:23:21 PDT 
Committed r244067: <https://trac.webkit.org/changeset/244067>
Comment 7 Radar WebKit Bug Importer 2019-04-08 20:24:24 PDT 
<rdar://problem/49722731>