mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-29 04:09:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibJS: Disable optimization in IteratorNextUnpack if next() is redefined
Some checks are pending
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (arm64, macos-15, macOS, macOS-universal2) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (x86_64, ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details

Browse source 
81b6a11 regressed correctness by always bypassing the `next()` method
resolution for built-in iterators, causing incorrect behavior when
`next()` was redefined on built-in prototypes. This change fixes the
issue by storing a flag on built-in prototypes indicating whether
`next()` has ever been redefined.
This commit is contained in:
Aliaksandr Kalenik 2025-05-12 04:27:25 +03:00 committed by Alexander Kalenik
commit f405d71657
Notes: github-actions[bot] 2025-05-12 11:42:25 +00:00
18 changed files with 151 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Libraries/LibJS/Runtime/Object.cpp
View file

@ -10,15 +10,19 @@
#include <LibJS/Runtime/AbstractOperations.h>
#include <LibJS/Runtime/Accessor.h>
#include <LibJS/Runtime/Array.h>
#include <LibJS/Runtime/ArrayIteratorPrototype.h>
#include <LibJS/Runtime/ClassFieldDefinition.h>
#include <LibJS/Runtime/ECMAScriptFunctionObject.h>
#include <LibJS/Runtime/Error.h>
#include <LibJS/Runtime/GlobalObject.h>
#include <LibJS/Runtime/MapIteratorPrototype.h>
#include <LibJS/Runtime/NativeFunction.h>
#include <LibJS/Runtime/Object.h>
#include <LibJS/Runtime/PropertyDescriptor.h>
#include <LibJS/Runtime/ProxyObject.h>
#include <LibJS/Runtime/SetIteratorPrototype.h>
#include <LibJS/Runtime/Shape.h>
#include <LibJS/Runtime/StringIteratorPrototype.h>
#include <LibJS/Runtime/Value.h>
namespace JS {
@ -957,6 +961,18 @@ ThrowCompletionOr<bool> Object::internal_set(PropertyKey const& property_key, Va
VERIFY(!value.is_special_empty_value());
VERIFY(!receiver.is_special_empty_value());
if (receiver.is_object() && property_key == vm().names.next) {
auto& receiver_object = receiver.as_object();
if (auto* array_iterator_prototype = as_if<ArrayIteratorPrototype>(receiver_object))
array_iterator_prototype->set_next_method_was_redefined();
else if (auto* map_iterator_prototype = as_if<MapIteratorPrototype>(receiver_object))
map_iterator_prototype->set_next_method_was_redefined();
else if (auto* set_iterator_prototype = as_if<SetIteratorPrototype>(receiver_object))
set_iterator_prototype->set_next_method_was_redefined();
else if (auto* string_iterator_prototype = as_if<StringIteratorPrototype>(receiver_object))
string_iterator_prototype->set_next_method_was_redefined();
}
// 2. Let ownDesc be ? O.[[GetOwnProperty]](P).
auto own_descriptor = TRY(internal_get_own_property(property_key));