RESOLVED FIXED 273978
[JSC] Private brand can be empty in computed property name
https://bugs.webkit.org/show_bug.cgi?id=273978
David Degazio
Reported 2024-05-09 15:49:57 PDT
rdar://124072928

It's possible to access private members of a class during its own definition via computed property names, consider:

    class Foo {
        static #private;
        [Foo.#private] = 42;
    }

This code isn't particularly sensible - within an incomplete class definition, neither `this` nor the class itself are defined, so as far as I can tell there is no valid base for a private field access within any computed property name. But, in our implementation, the fact that the private brand is specifically empty/null at this point (we install it in the class lexical environment after the class definition is finished) means we can occasionally run into crashes when comparing it to other cells.

Let's add a check for an empty private brand when we check it during a field access, so we can fail gracefully and throw an exception.
David Degazio
Comment 1 2024-05-09 16:18:48 PDT
EWS
Comment 2 2024-05-10 17:14:52 PDT
Committed 278642@main (dab4400141ad): <https://commits.webkit.org/278642@main> Reviewed commits have been landed. Closing PR #28370 and removing active labels.