Title: [216526] branches/safari-603-branch/Source/_javascript_Core
- Revision
- 216526
- Author
- matthew_han...@apple.com
- Date
- 2017-05-09 11:05:26 -0700 (Tue, 09 May 2017)
Log Message
Cherry-pick r216309. rdar://problem/31971364
Modified Paths
Diff
Modified: branches/safari-603-branch/Source/_javascript_Core/ChangeLog (216525 => 216526)
--- branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-05-09 18:05:23 UTC (rev 216525)
+++ branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-05-09 18:05:26 UTC (rev 216526)
@@ -1,5 +1,26 @@
2017-05-09 Matthew Hanson <matthew_han...@apple.com>
+ Cherry-pick r216309. rdar://problem/31971364
+
+ 2017-05-05 Keith Miller <keith_mil...@apple.com>
+
+ Put does not properly consult the prototype chain
+ https://bugs.webkit.org/show_bug.cgi?id=171754
+
+ Reviewed by Saam Barati.
+
+ We should do a follow up that cleans up the rest of put. See:
+ https://bugs.webkit.org/show_bug.cgi?id=171759
+
+ * runtime/JSCJSValue.cpp:
+ (JSC::JSValue::putToPrimitive):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putInlineSlow):
+ * runtime/JSObjectInlines.h:
+ (JSC::JSObject::canPerformFastPutInline):
+
+2017-05-09 Matthew Hanson <matthew_han...@apple.com>
+
Cherry-pick r215596. rdar://problem/31971150
2017-04-20 Mark Lam <mark....@apple.com>
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/JSCJSValue.cpp (216525 => 216526)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/JSCJSValue.cpp 2017-05-09 18:05:23 UTC (rev 216525)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/JSCJSValue.cpp 2017-05-09 18:05:26 UTC (rev 216526)
@@ -160,7 +160,9 @@
JSValue prototype;
if (propertyName != vm.propertyNames->underscoreProto) {
for (; !obj->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto(); obj = asObject(prototype)) {
- prototype = obj->getPrototypeDirect();
+ prototype = obj->getPrototype(vm, exec);
+ RETURN_IF_EXCEPTION(scope, false);
+
if (prototype.isNull())
return typeError(exec, scope, slot.isStrictMode(), ASCIILiteral(ReadonlyPropertyWriteError));
}
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/JSObject.cpp (216525 => 216526)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/JSObject.cpp 2017-05-09 18:05:23 UTC (rev 216525)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/JSObject.cpp 2017-05-09 18:05:26 UTC (rev 216526)
@@ -802,13 +802,13 @@
ProxyObject* proxy = jsCast<ProxyObject*>(obj);
return proxy->ProxyObject::put(proxy, exec, propertyName, value, slot);
}
- JSValue prototype = obj->getPrototypeDirect();
+ JSValue prototype = obj->getPrototype(vm, exec);
+ RETURN_IF_EXCEPTION(scope, false);
if (prototype.isNull())
break;
obj = asObject(prototype);
}
- ASSERT(!structure(vm)->prototypeChainMayInterceptStoreTo(vm, propertyName) || obj == this);
if (!putDirectInternal<PutModePut>(vm, propertyName, value, 0, slot))
return typeError(exec, scope, slot.isStrictMode(), ASCIILiteral(ReadonlyPropertyWriteError));
return true;
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/JSObjectInlines.h (216525 => 216526)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/JSObjectInlines.h 2017-05-09 18:05:23 UTC (rev 216525)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/JSObjectInlines.h 2017-05-09 18:05:26 UTC (rev 216526)
@@ -69,7 +69,8 @@
JSValue prototype;
JSObject* obj = this;
while (true) {
- if (obj->structure(vm)->hasReadOnlyOrGetterSetterPropertiesExcludingProto() || obj->type() == ProxyObjectType)
+ MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
+ if (obj->structure(vm)->hasReadOnlyOrGetterSetterPropertiesExcludingProto() || obj->methodTable(vm)->getPrototype != defaultGetPrototype)
return false;
prototype = obj->getPrototypeDirect();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
