If both the getter nor setter are not defined, accessing __lookupGetter__ and __lookupSetter__ will return undefined as expected. However, if the getter is defined but the setter is not, accessing __lookupSetter__ will crash the VM. Similarly, accessing __lookupGetter__ when only the setter is set will crash the VM.
The reason is because objectProtoFuncLookupGetter() and objectProtoFuncLookupSetter() did not check if the getter and setter value is non-null before returning it as an EncodedJSValue. The fix is to add the appropriate null checks.
Created attachment 226794 [details]
Comment on attachment 226794 [details]
Thanks for the review. Landed in r165680: <http://trac.webkit.org/r165680>.