Bug 258766 - JSC doesn't throw TypeError when call Uint8Array without new
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2023-07-01 06:28 PDT by YuHao Hu
Modified: 2024-08-20 01:23 PDT

Description YuHao Hu 2023-07-01 06:28:14 PDT
git commit id: 8cdb27dae2a958f4ad5ff00f4900a7c235835247

```
function opt(f) {
    try{
        return f(Uint8Array);
    }catch(e){
        print(e)
    }
}

print(opt(opt))
print(opt(opt))
```

run args:

```
WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 test.js
```

program output:

```
TypeError: calling Uint8Array constructor without new is invalid
undefined
0,0,0
```

expected output:

```
TypeError: calling Uint8Array constructor without new is invalid
undefined
TypeError: calling Uint8Array constructor without new is invalid
undefined
```

At the last call to the `opt` function, `f` is `Uint8Array`. The engine needs to throw an exception instead of creating the array object.
Comment 1 Radar WebKit Bug Importer 2023-07-08 06:29:16 PDT
<rdar://problem/111952807>
Comment 2 YuHao Hu 2024-08-20 01:23:02 PDT
Seems this bug has been fixed.
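
A regression check for the behaviour reported above, as an added example that is not part of the bug report or of WebKit's test suite. It goes beyond the single `Uint8Array` case to every typed array constructor and repeats the `opt(opt)` call shape so the call is also exercised after warm-up. The names `makeOpt`, `checkCallWithoutNew` and `checkAll` and the iteration count are assumptions chosen for illustration.

```javascript
'use strict';

// Every typed array constructor must throw TypeError when called without `new`.
const TYPED_ARRAY_CTORS = [
  Int8Array, Uint8Array, Uint8ClampedArray, Int16Array, Uint16Array,
  Int32Array, Uint32Array, Float32Array, Float64Array,
  BigInt64Array, BigUint64Array,
];

// Build a fresh `opt` per constructor so each one gets its own call site,
// keeping the report's shape: opt(opt) ends up evaluating ctor(ctor).
function makeOpt(ctor) {
  return function opt(f) {
    try {
      return { threw: false, value: f(ctor) };
    } catch (e) {
      return { threw: true, error: e };
    }
  };
}

// Repeat opt(opt) so the call also runs after warm-up, and record every
// iteration where the inner call did not throw a TypeError.
function checkCallWithoutNew(ctor, iterations) {
  const opt = makeOpt(ctor);
  const failures = [];
  for (let i = 0; i < iterations; i++) {
    const inner = opt(opt).value; // outcome of ctor(ctor)
    if (!(inner.threw && inner.error instanceof TypeError)) {
      const got = inner.threw ? inner.error : inner.value;
      failures.push({ ctor: ctor.name, iteration: i, got });
    }
  }
  return failures;
}

function checkAll(iterations) {
  return TYPED_ARRAY_CTORS.flatMap((ctor) => checkCallWithoutNew(ctor, iterations));
}

// The jsc shell provides print(); other hosts fall back to console.log.
const log = typeof print === 'function' ? print : console.log;
const failures = checkAll(10000);
log(failures.length === 0
  ? 'ok: every call without new threw TypeError'
  : 'FAIL: ' + failures.length + ' calls did not throw, first: ' +
    failures[0].ctor + ' at iteration ' + failures[0].iteration);
```

Running it under the same `jsc` flags as the report makes the warm-up threshold low enough for the later iterations to run in optimized code.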