Bug 130279 - Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2014-03-14 19:22 PDT by Mark Lam
Modified: 2014-03-14 23:31 PDT

the patch. (5.24 KB, patch)
2014-03-14 19:29 PDT, Mark Lam
fpizlo: review+

Description Mark Lam 2014-03-14 19:22:38 PDT
If neither the getter nor the setter is defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected.  However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM.  Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM.

The reason is because objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue.  The fix is to add the appropriate null checks.

ref: <rdar://problem/16316505>
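
The accessor combinations from the description, as an added example (not WebKit's code and not the attached patch): a JavaScript model of the lookup that checks for an absent accessor half, compared against the built-in `__lookupGetter__` and `__lookupSetter__`. The helper names and sample objects are constructed for illustration, and the example goes slightly beyond the description by also covering inherited and data properties.

```javascript
// Added example: models the lookup with the missing-half check the fix adds.
// lookupAccessor, buildCases and compareWithBuiltin are hypothetical names.
function lookupAccessor(obj, name, half) {
  // half is "get" or "set". Walk the prototype chain until the property is found.
  for (let o = Object(obj); o !== null; o = Object.getPrototypeOf(o)) {
    const desc = Object.getOwnPropertyDescriptor(o, name);
    if (desc === undefined) continue;
    // A data property ends the search with no accessor.
    if ("value" in desc) return undefined;
    // Accessor property: the requested half may be absent, so check it
    // before handing it back (the step the bug report says was missing).
    const fn = desc[half];
    return typeof fn === "function" ? fn : undefined;
  }
  return undefined;
}

function buildCases() {
  // Constructed sample objects covering each combination on property "x".
  const getterOnly = Object.defineProperty({}, "x", { get() { return 1; } });
  const setterOnly = Object.defineProperty({}, "x", { set(v) {} });
  const both = Object.defineProperty({}, "x", { get() { return 1; }, set(v) {} });
  return {
    neither: {},
    getterOnly,
    setterOnly,
    both,
    inheritedGetterOnly: Object.create(getterOnly),
    dataProperty: { x: 1 },
  };
}

function compareWithBuiltin() {
  const rows = {};
  for (const [label, obj] of Object.entries(buildCases())) {
    const g = obj.__lookupGetter__("x");
    const s = obj.__lookupSetter__("x");
    rows[label] = {
      getter: typeof g,
      setter: typeof s,
      agrees: g === lookupAccessor(obj, "x", "get") &&
              s === lookupAccessor(obj, "x", "set"),
    };
  }
  return rows;
}

console.log(compareWithBuiltin());
```

On an engine with the fix, the half-defined cases report `undefined` for the missing accessor, which makes these cases usable as a regression check.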
Comment 1 Mark Lam 2014-03-14 19:29:01 PDT
Created attachment 226794 [details]
the patch.
Comment 2 Filip Pizlo 2014-03-14 19:52:28 PDT
Comment on attachment 226794 [details]
the patch.

Comment 3 Mark Lam 2014-03-14 23:31:48 PDT
Thanks for the review.  Landed in r165680: <http://trac.webkit.org/r165680>.