Bug 208497

Summary: [JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to be modified
Product: WebKit
Component: New Bugs
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Yusuke Suzuki <ysuzuki>
Assignee: Yusuke Suzuki <ysuzuki>
CC: andy.niccolai, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Keywords: InRadar
Attachments:
Description Flags
Patch mark.lam: review+

Description Yusuke Suzuki 2020-03-02 20:40:20 PST
[JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to be modified
Comment 1 Yusuke Suzuki 2020-03-02 20:53:46 PST
Created attachment 392246
Patch
Comment 2 Yusuke Suzuki 2020-03-02 20:54:28 PST
<rdar://problem/59913544>
Comment 3 Yusuke Suzuki 2020-03-02 23:09:43 PST
Checked mac-wk2 results and they seem unrelated. Flaky crashes which happen without a patch too.
Comment 4 Mark Lam 2020-03-03 09:45:35 PST
Comment on attachment 392246
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=392246&action=review

r=me

> Source/JavaScriptCore/ChangeLog:20
> +        2. We rename areNameAndLengthOriginal to canAssumeNameAndLengthOriginal to allow it to return

I suggest calling this canAssumeNameAndLengthAreOriginal instead.
Comment 5 Yusuke Suzuki 2020-03-03 10:16:43 PST
Comment on attachment 392246
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=392246&action=review

>> Source/JavaScriptCore/ChangeLog:20
>> +        2. We rename areNameAndLengthOriginal to canAssumeNameAndLengthOriginal to allow it to return
> 
> I suggest calling this canAssumeNameAndLengthAreOriginal instead.

Fixed.
Comment 6 Yusuke Suzuki 2020-03-03 10:17:59 PST
Committed r257784: <https://trac.webkit.org/changeset/257784>
Comment 7 Yusuke Suzuki 2020-03-25 19:07:07 PDT
*** Bug 209571 has been marked as a duplicate of this bug. ***