Bug 216764

Summary: [JSC] Proxy should be trapped if base value is primitive
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ashvayka, darin, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch darin: review+

Yusuke Suzuki
Reported 2020-09-21 02:25:24 PDT
[JSC] Proxy should be trapped if base value is primitive
Attachments
Patch (5.50 KB, patch)
2020-09-21 02:30 PDT, Yusuke Suzuki 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2020-09-21 02:30:03 PDT
Created attachment 409264 [details] Patch
Darin Adler
Comment 2 2020-09-21 09:49:39 PDT
Comment on attachment 409264 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409264&action=review > Source/JavaScriptCore/runtime/JSCJSValue.cpp:188 > + ProxyObject* proxy = jsCast<ProxyObject*>(obj); auto to avoid repeating the same type name twice?
Yusuke Suzuki
Comment 3 2020-09-21 11:28:14 PDT
Committed r267348: <https://trac.webkit.org/changeset/267348>
Yusuke Suzuki
Comment 4 2020-09-21 11:30:07 PDT
Landed with the proposed change.
Radar WebKit Bug Importer
Comment 5 2020-09-21 12:22:29 PDT
<rdar://problem/69319577>
Alexey Shvayka
Comment 6 2020-10-19 12:59:14 PDT
Comment on attachment 409264 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409264&action=review > Source/JavaScriptCore/ChangeLog:9 > + So, if proxy exists in the prototype chain for the primitive values (e.g. StringPrototype -> Proxy chain), While this patch nicely handles ProxyObject, other objects that override put() need special care as well. Please see https://bugs.webkit.org/show_bug.cgi?id=217916.
Note You need to log in before you can comment on or make changes to this bug.