Bug 6985

Summary: cyclic __proto__ values aren't caught
Product: WebKit Reporter: Ian 'Hixie' Hickson <ian>
Component: JavaScriptCoreAssignee: Eric Seidel (no email) <eric>
Status: RESOLVED FIXED    
Severity: Critical CC: gavin.sharp, ian
Priority: P1    
Version: 420+   
Hardware: PC   
OS: Linux   
URL: data:text/html,%3C%21DOCTYPE%20html%3E%0A%3Cscript%3E%0Avar%20o1%20%3D%20%7B%20p1%3A%201%20%7D%3B%0Avar%20o2%20%3D%20%7B%20p2%3A%202%20%7D%3B%0Ao2.__proto__%20%3D%20o1%3B%0Avar%20o3%20%3D%20%7B%20p3%3A%203%20%7D%3B%0Ao3.__proto__%20%3D%20o2%3B%0Ao1.__proto__%20%3D%20o3%3B%20//%20this%20hangs%0A%3C/script%3E
Bug Depends on:    
Bug Blocks: 13638    
Attachments:
Description Flags
the fix mjs: review+

Description Ian 'Hixie' Hickson 2006-01-31 16:34:40 PST 
STEPS TO REPRODUCE
   Run the following JS:

   var o1 = { p1: 1 };
   var o2 = { p2: 2 };
   o2.__proto__ = o1;
   var o3 = { p3: 3 };
   o3.__proto__ = o2;
   o1.__proto__ = o3; // this hangs

ACTUAL RESULTS
   Hang.

EXPECTED RESULTS
   It should raise an exception "cyclic __proto__ value".
Comment 1 Eric Seidel (no email) 2007-05-09 03:27:53 PDT 
Created attachment 14427 [details]
the fix
Comment 2 Eric Seidel (no email) 2007-05-09 03:32:48 PDT 
As a reproducible crasher, this should be a P1.
Comment 3 Eric Seidel (no email) 2007-05-09 03:59:16 PDT 
Fixed in r21332.
Comment 4 Maciej Stachowiak 2007-05-09 04:00:37 PDT 
Comment on attachment 14427 [details]
the fix

r=me