258766 – JSC doesn't throw TypeError when call Uint8Array without new

NEW 258766

JSC doesn't throw TypeError when call Uint8Array without new

https://bugs.webkit.org/show_bug.cgi?id=258766

Summary JSC doesn't throw TypeError when call Uint8Array without new

YuHao Hu

Reported 2023-07-01 06:28:14 PDT

git commit id: 8cdb27dae2a958f4ad5ff00f4900a7c235835247 ``` function opt(f) { try{ return f(Uint8Array); }catch(e){ print(e) } } print(opt(opt)) print(opt(opt)) ``` run args: WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 test.js program output: TypeError: calling Uint8Array constructor without new is invalid undefined 0,0,0 expected output: TypeError: calling Uint8Array constructor without new is invalid undefined TypeError: calling Uint8Array constructor without new is invalid undefined At the last call to the `opt` function, `f` is `UInt8Array`. The engine need to throw an exception instead of creating the array object.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-07-08 06:29:16 PDT

<rdar://problem/111952807>

YuHao Hu

Comment 2 2024-08-20 01:23:02 PDT

seems this bug has been fixed

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2023-07-01 06:28 PDT

Modified

2024-08-20 01:23 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks