RESOLVED FIXED 142883
eval("this.foo") causes a crash if this had not been initialized in a derived class's constructor 
https://bugs.webkit.org/show_bug.cgi?id=142883
Summary eval("this.foo") causes a crash if this had not been initialized in a derived...
Ryosuke Niwa
Reported 2015-03-19 15:52:07 PDT
new (class extends class {} { constructor() { eval("this.foo"); super(); } } new B; print("PASS"); results in a crash because we fail to emit a TDZ check.
Attachments
WIP (24.45 KB, patch)
2015-03-28 01:21 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Fixes the crash (25.08 KB, patch)
2015-03-30 21:15 PDT, Ryosuke Niwa 		fpizlo: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2015-03-28 01:21:52 PDT
Created attachment 249655 [details] WIP
Ryosuke Niwa
Comment 2 2015-03-30 21:15:46 PDT
Created attachment 249795 [details] Fixes the crash
WebKit Commit Bot
Comment 3 2015-03-30 21:18:03 PDT
Attachment 249795 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/parser/Parser.cpp:212: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] Total errors found: 1 in 21 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 4 2015-03-31 12:09:49 PDT
Comment on attachment 249795 [details] Fixes the crash Nice!
Ryosuke Niwa
Comment 5 2015-03-31 12:43:41 PDT
Committed r182198: <http://trac.webkit.org/changeset/182198>
Alexey Proskuryakov
Comment 6 2015-03-31 23:57:06 PDT
Did this patch cause the below failures on Windows? The bot was broken due to r182200 at first, so the range is somewhat long - but I don't see anything else related checked in recently. https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r182213%20(65485)/results.html
Ryosuke Niwa
Comment 7 2015-04-01 03:07:44 PDT
(In reply to comment #6) > Did this patch cause the below failures on Windows? The bot was broken due > to r182200 at first, so the range is somewhat long - but I don't see > anything else related checked in recently. > > https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/ > r182213%20(65485)/results.html Seems unlikely as the code only runs when class syntax is used.
Note You need to log in before you can comment on or make changes to this bug.