Bug 216764

Summary: [JSC] Proxy should be trapped if base value is primitive
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ashvayka, darin, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch darin: review+

Description Yusuke Suzuki 2020-09-21 02:25:24 PDT 
[JSC] Proxy should be trapped if base value is primitive
Comment 1 Yusuke Suzuki 2020-09-21 02:30:03 PDT 
Created attachment 409264 [details]
Patch
Comment 2 Darin Adler 2020-09-21 09:49:39 PDT 
Comment on attachment 409264 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409264&action=review

> Source/JavaScriptCore/runtime/JSCJSValue.cpp:188
> +                ProxyObject* proxy = jsCast<ProxyObject*>(obj);

auto to avoid repeating the same type name twice?
Comment 3 Yusuke Suzuki 2020-09-21 11:28:14 PDT 
Committed r267348: <https://trac.webkit.org/changeset/267348>
Comment 4 Yusuke Suzuki 2020-09-21 11:30:07 PDT 
Landed with the proposed change.
Comment 5 Radar WebKit Bug Importer 2020-09-21 12:22:29 PDT 
<rdar://problem/69319577>
Comment 6 Alexey Shvayka 2020-10-19 12:59:14 PDT 
Comment on attachment 409264 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=409264&action=review

> Source/JavaScriptCore/ChangeLog:9
> +        So, if proxy exists in the prototype chain for the primitive values (e.g. StringPrototype -> Proxy chain),

While this patch nicely handles ProxyObject, other objects that override put() need special care as well.
Please see https://bugs.webkit.org/show_bug.cgi?id=217916.