Changeset 41846 in webkit


Timestamp:
Mar 19, 2009 5:03:57 PM (15 years ago)
Author:
cwzwarich@webkit.org
Message:

2009-03-19 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Geoff Garen.

Bug 23771: REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype
<https://bugs.webkit.org/show_bug.cgi?id=23771>
<rdar://problem/6561016>

  • API/tests/testapi.c: (main): Add a test for this bug.
  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::resetPrototype): Don't set the prototype of the last object in the prototype chain to the object prototype when the object prototype is already the last object in the prototype chain.
Location:
trunk/JavaScriptCore
Files:
3 edited

  • trunk/JavaScriptCore/API/tests/testapi.c

    r36863 r41846  
    992992    JSClassRelease(globalObjectClass);
    993993
     994    // Test for an infinite prototype chain that used to be created. This test
     995    // passes if the call to JSObjectHasProperty() does not hang.
     996
     997    JSClassDefinition prototypeLoopClassDefinition = kJSClassDefinitionEmpty;
     998    prototypeLoopClassDefinition.staticFunctions = globalObject_staticFunctions;
     999    JSClassRef prototypeLoopClass = JSClassCreate(&prototypeLoopClassDefinition);
     1000    JSGlobalContextRef prototypeLoopContext = JSGlobalContextCreateInGroup(NULL, prototypeLoopClass);
     1001
     1002    JSStringRef nameProperty = JSStringCreateWithUTF8CString("name");
     1003    JSObjectHasProperty(prototypeLoopContext, JSContextGetGlobalObject(prototypeLoopContext), nameProperty);
     1004
     1005    JSGlobalContextRelease(prototypeLoopContext);
     1006    JSClassRelease(prototypeLoopClass);
     1007
     1008    printf("PASS: Infinite prototype chain does not occur.\n");
     1009
    9941010    printf("PASS: Program exited normally.\n");
    9951011    return 0;
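
Review bot: nameProperty, created at new line 1002 with JSStringCreateWithUTF8CString("name"), is never released in this block; the context and class are released at lines 1005-1006 but there is no matching JSStringRelease(nameProperty). Add the release before the PASS printf so the test does not leak the string. The return value of JSObjectHasProperty at line 1003 is also discarded, so the test detects only a hang; if the expected result for "name" on this global object is known, checking it would let the test also catch a wrong answer.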
  • trunk/JavaScriptCore/ChangeLog

    r41845 r41846  
     12009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
     2
     3        Reviewed by Geoff Garen.
     4
     5        Bug 23771: REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype
     6        <https://bugs.webkit.org/show_bug.cgi?id=23771>
     7        <rdar://problem/6561016>
     8
     9        * API/tests/testapi.c:
     10        (main): Add a test for this bug.
     11        * runtime/JSGlobalObject.cpp:
     12        (JSC::JSGlobalObject::resetPrototype): Don't set the prototype of the
     13        last object in the prototype chain to the object prototype when the
     14        object prototype is already the last object in the prototype chain.
     15
    1162009-03-19  Timothy Hatcher  <timothy@apple.com>
    217
  • trunk/JavaScriptCore/runtime/JSGlobalObject.cpp

    r41126 r41846  
    342342{
    343343    setPrototype(prototype);
    344     lastInPrototypeChain(this)->setPrototype(d()->objectPrototype);
     344
     345    JSObject* oldLastInPrototypeChain = lastInPrototypeChain(this);
     346    JSObject* objectPrototype = d()->objectPrototype;
     347    if (oldLastInPrototypeChain != objectPrototype)
     348        oldLastInPrototypeChain->setPrototype(objectPrototype);
    345349}
    346350
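
Review bot: the guard at new lines 345-348 carries no comment saying why the comparison is needed, so a later cleanup could fold it back into the removed one-line form at old line 344. A short comment above the if would help, stating that when lastInPrototypeChain(this) is already d()->objectPrototype, calling setPrototype(objectPrototype) on it makes the object prototype its own prototype and creates the cycle that JSObjectHasProperty then walks forever. Since this is a regression fix, it is also worth considering a debug assertion after the assignment that objectPrototype is not its own prototype.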