208497 – [JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to be modified

Bug 208497 - [JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to be modified

Summary: [JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to b...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Yusuke Suzuki

URL:
Keywords:	InRadar

Duplicates (1):	209571 (view as bug list)
Depends on:
Blocks:

Reported:	2020-03-02 20:40 PST by Yusuke Suzuki
Modified:	2020-03-25 19:07 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (13.10 KB, patch) 2020-03-02 20:53 PST, Yusuke Suzuki	mark.lam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yusuke Suzuki 2020-03-02 20:40:20 PST

[JSC] @hasOwnLengthProperty returns wrong value if "length" is attempted to be modified

Comment 1 Yusuke Suzuki 2020-03-02 20:53:46 PST

Created attachment 392246 [details]
Patch

Comment 2 Yusuke Suzuki 2020-03-02 20:54:28 PST

<rdar://problem/59913544>

Comment 3 Yusuke Suzuki 2020-03-02 23:09:43 PST

Checked mac-wk2 results and seems unrelated. Flaky crashes which happen without a patch too.

Comment 4 Mark Lam 2020-03-03 09:45:35 PST

Comment on attachment 392246 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=392246&action=review

r=me

> Source/JavaScriptCore/ChangeLog:20
> +        2. We rename areNameAndLengthOriginal to canAssumeNameAndLengthOriginal to allow it to return

I suggest calling this canAssumeNameAndLengthAreOriginal instead.

Comment 5 Yusuke Suzuki 2020-03-03 10:16:43 PST

Comment on attachment 392246 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=392246&action=review

>> Source/JavaScriptCore/ChangeLog:20
>> +        2. We rename areNameAndLengthOriginal to canAssumeNameAndLengthOriginal to allow it to return
> 
> I suggest calling this canAssumeNameAndLengthAreOriginal instead.

Fixed.

Comment 6 Yusuke Suzuki 2020-03-03 10:17:59 PST

Committed r257784: <https://trac.webkit.org/changeset/257784>

Comment 7 Yusuke Suzuki 2020-03-25 19:07:07 PDT

*** Bug 209571 has been marked as a duplicate of this bug. ***