Bug 17925 - Crash in KJS::JSObject::put after setting this.__proto__
Summary: Crash in KJS::JSObject::put after setting this.__proto__
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P2 Critical
Assignee: Mark Rowe (bdash)
Keywords: HasReduction, InRadar
Depends on:
Blocks: 13638
  Show dependency treegraph
Reported: 2008-03-18 16:33 PDT by Jesse Ruderman
Modified: 2008-05-27 17:46 PDT (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Ruderman 2008-03-18 16:33:37 PDT
Feeding this script to ToT Release/testkjs makes it crash.

this.__proto__ = 1; r = 2;
Comment 1 Mark Rowe (bdash) 2008-03-18 16:52:54 PDT
Comment 2 Mark Rowe (bdash) 2008-03-18 18:51:03 PDT
Fixed in r31145.
Comment 3 Anders Carlsson 2008-05-27 16:04:59 PDT
Reopening this since it still happens.
Comment 4 Anders Carlsson 2008-05-27 17:46:53 PDT
Committed revision 34160.