From 8a67366057bbfb6c65f46867edbb45c83af09627 Mon Sep 17 00:00:00 2001
From: Kent Hansen
Date: Mon, 9 Jul 2012 20:36:22 +0200
Subject: Check that property descriptor members are valid before using them
Even if getPropertyDescriptor() returns true, it's not guaranteed that PropertyDescriptor::setter() or PropertyDescriptor::value() returns a valid JSC value. This code is in an "#ifdef QT_BUILD_SCRIPT_LIB" block, i.e. a patch we added on top of the original JSC sources. The lack of checks caused the getter-in-prototype and indexed-accessors tests from the V8 test suite to assert in debug mode. Cherry-picked from qt5/qtscript commit db17c14cace450e20745839014075c0263f8618f
Task-number: QTBUG-17915
Change-Id: I55db26cfe4b63363be92a0b75f2c69b878ea9ef3
Reviewed-by: Olivier Goffart
---
 src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp
index 0e3475f..8706b8d 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp
@@ -138,8 +138,8 @@ void JSObject::put(ExecState* exec, const Identifier& propertyName, JSValue valu
 PropertyDescriptor descriptor;
 if (obj->getPropertyDescriptor(exec, propertyName, descriptor)) {
 JSObject* setterFunc;
- if ((descriptor.isAccessorDescriptor() && ((setterFunc = asObject(descriptor.setter())), true))
- || (descriptor.value().isGetterSetter() && ((setterFunc = asGetterSetter(descriptor.value())->setter()), true))) {
+ if ((descriptor.isAccessorDescriptor() && !!descriptor.setter() && ((setterFunc = asObject(descriptor.setter())), true))
+ || (!!descriptor.value() && descriptor.value().isGetterSetter() && ((setterFunc = asGetterSetter(descriptor.value())->setter()), true))) {
 #else
 if (JSValue gs = obj->getDirect(propertyName)) {
 if (gs.isGetterSetter()) {
-- cgit v0.12
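Review bot: In the first arm of the new condition, `!!descriptor.setter()` only rules out an empty JSValue, while `asObject()` on the same line needs the value to be an object. If an accessor descriptor can hold a non-empty, non-object setter (for example undefined for a getter-only property, which this hunk does not show), the cast is still reached with a value of the wrong type; `!!descriptor.setter() && descriptor.setter().isObject()` would close that gap. The second arm can also leave `setterFunc` null when the GetterSetter has no setter, so the code after the `if` needs a null check; `JSObject::put` starts and continues outside the hunk, so that cannot be confirmed here. A short comment above the condition, such as `// getPropertyDescriptor() can succeed with an empty setter()/value(); check before casting`, would record why the guards exist.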