RESOLVED FIXED 267494
[JSC] Throw RangeError if Set methods are called on an object with negative "size" property 
https://bugs.webkit.org/show_bug.cgi?id=267494
Summary [JSC] Throw RangeError if Set methods are called on an object with negative "...
zloirock
Reported 2024-01-13 03:34:06 PST
new Set([1, 2, 3]).difference({ size: -1, has() { return false; }, keys() { return { next() { return { done: true }; } }; }, }); should be a RangeError, GetSetRecord step 7.
Attachments
Add attachment proposed patch, testcase, etc.
zloirock
Comment 1 2024-01-13 03:49:56 PST
Similar V8 issue https://bugs.chromium.org/p/v8/issues/detail?id=14559
Radar WebKit Bug Importer
Comment 2 2024-01-20 03:35:13 PST
<rdar://problem/121310940>
Alexey Shvayka
Comment 3 2024-02-01 14:08:57 PST
Pull request: https://github.com/WebKit/WebKit/pull/23689
EWS
Comment 4 2024-02-02 12:53:13 PST
Committed 274009@main (eeda72823e71): <https://commits.webkit.org/274009@main> Reviewed commits have been landed. Closing PR #23689 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.