Attachment 373115 Details for Bug 163446 – Patch

[patch] Patch

bug-163446-20190628172707.patch (text/plain), 4.59 KB, created by Alexey Shvayka on 2019-06-28 07:27:09 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Alexey Shvayka

Created: 2019-06-28 07:27:09 PDT

Size: 4.59 KB

patch

obsolete

>Index: JSTests/ChangeLog
>===================================================================
>--- JSTests/ChangeLog	(revision 246923)
>+++ JSTests/ChangeLog	(working copy)
>@@ -1,3 +1,12 @@
>+2019-06-28  Alexey Shvayka  <shvaikalesh@gmail.com>
>+
>+        JSON.parse should not modify non-configurable properties.
>+        https://bugs.webkit.org/show_bug.cgi?id=163446
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        * stress/json-parse-reviver-non-configurable.js: Added.
>+
> 2019-06-26  Keith Miller  <keith_miller@apple.com>
> 
>         speciesConstruct needs to throw if the result is a DataView
>Index: JSTests/stress/json-parse-reviver-non-configurable.js
>===================================================================
>--- JSTests/stress/json-parse-reviver-non-configurable.js	(nonexistent)
>+++ JSTests/stress/json-parse-reviver-non-configurable.js	(working copy)
>@@ -0,0 +1,35 @@
>+function shouldBe(actual, expected) {
>+    if (actual !== expected)
>+        throw new Error('bad value: ' + actual);
>+}
>+
>+function objReviver(key, value) {
>+    if (key === 'a')
>+        Object.defineProperty(this, 'b', {configurable: false});
>+    if (key === 'b') return 12;
>+
>+    return value;
>+}
>+
>+function arrReviver(key, value) {
>+    if (key === '0')
>+        Object.defineProperty(this, '1', {configurable: false});
>+    if (key === '1') return 24;
>+
>+    return value;
>+}
>+
>+const objJSON = '{"a": 1, "b": 2}';
>+const arrJSON = '[3, 4]';
>+
>+for (let i = 1; i < 10000; i++) {
>+    let obj = JSON.parse(objJSON, objReviver);
>+    shouldBe(obj.a, 1);
>+    shouldBe(obj.b, 2);
>+}
>+
>+for (let i = 1; i < 10000; i++) {
>+    let arr = JSON.parse(arrJSON, arrReviver);
>+    shouldBe(arr[0], 3);
>+    shouldBe(arr[1], 4);
>+}
>Index: Source/JavaScriptCore/ChangeLog
>===================================================================
>--- Source/JavaScriptCore/ChangeLog	(revision 246841)
>+++ Source/JavaScriptCore/ChangeLog	(working copy)
>@@ -1,3 +1,16 @@
>+2019-06-28  Alexey Shvayka  <shvaikalesh@gmail.com>
>+
>+        JSON.parse should not modify non-configurable properties.
>+        https://bugs.webkit.org/show_bug.cgi?id=163446
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Use [[DefineOwnProperty]] instead of [[Set]].
>+        (step 2 of https://tc39.es/ecma262/#sec-internalizejsonproperty)
>+
>+        * runtime/JSONObject.cpp:
>+        (JSC::Walker::walk):
>+
> 2019-06-26  Keith Miller  <keith_miller@apple.com>
> 
>         remove unneeded didBecomePrototype() calls
>Index: Source/JavaScriptCore/runtime/JSONObject.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/JSONObject.cpp	(revision 246841)
>+++ Source/JavaScriptCore/runtime/JSONObject.cpp	(working copy)
>@@ -709,8 +709,11 @@ NEVER_INLINE JSValue Walker::walk(JSValu
>                 RETURN_IF_EXCEPTION(scope, { });
>                 if (filteredValue.isUndefined())
>                     array->methodTable(vm)->deletePropertyByIndex(array, m_exec, indexStack.last());
>-                else
>-                    array->putDirectIndex(m_exec, indexStack.last(), filteredValue, 0, PutDirectIndexShouldNotThrow);
>+                else {
>+                    PropertyDescriptor desc(filteredValue, static_cast<unsigned>(PropertyAttribute::None));
>+                    bool shouldThrow = false;
>+                    array->defineOwnIndexedProperty(m_exec, indexStack.last(), desc, shouldThrow);
>+                }
>                 RETURN_IF_EXCEPTION(scope, { });
>                 indexStack.last()++;
>                 goto arrayStartVisitMember;
>@@ -761,13 +764,15 @@ NEVER_INLINE JSValue Walker::walk(JSValu
>             case ObjectEndVisitMember: {
>                 JSObject* object = jsCast<JSObject*>(markedStack.last());
>                 Identifier prop = propertyStack.last()[indexStack.last()];
>-                PutPropertySlot slot(object);
>                 JSValue filteredValue = callReviver(object, jsString(m_exec, prop.string()), outValue);
>                 RETURN_IF_EXCEPTION(scope, { });
>                 if (filteredValue.isUndefined())
>                     object->methodTable(vm)->deleteProperty(object, m_exec, prop);
>-                else
>-                    object->methodTable(vm)->put(object, m_exec, prop, filteredValue, slot);
>+                else {
>+                    PropertyDescriptor desc(filteredValue, static_cast<unsigned>(PropertyAttribute::None));
>+                    bool shouldThrow = false;
>+                    object->methodTable(vm)->defineOwnProperty(object, m_exec, prop, desc, shouldThrow);
>+                }
>                 RETURN_IF_EXCEPTION(scope, { });
>                 indexStack.last()++;
>                 goto objectStartVisitMember;

Actions: View | Formatted Diff | Diff

Attachments on bug 163446: 373115 | 373116 | 373119 | 373120 | 373121 | 373128 | 373136 | 373178 | 373180 | 373199 | 373595 | 404651