From cfd86b747d32ac22246a1aa908eaa720c63a88c1 Mon Sep 17 00:00:00 2001
From: Simon Hausmann
Date: Wed, 7 Nov 2012 11:22:47 +0100
Subject: Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733) New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
---
 Source/JavaScriptCore/runtime/Operations.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'Source/JavaScriptCore/runtime/Operations.h')
diff --git a/Source/JavaScriptCore/runtime/Operations.h b/Source/JavaScriptCore/runtime/Operations.h
index 30ba0b27d..01df7e98c 100644
--- a/Source/JavaScriptCore/runtime/Operations.h
+++ b/Source/JavaScriptCore/runtime/Operations.h
@@ -24,6 +24,7 @@
 #include "ExceptionHelpers.h"
 #include "Interpreter.h"
+#include "JSProxy.h"
 #include "JSString.h"
 #include "JSValueInlineMethods.h"
@@ -297,19 +298,24 @@ namespace JSC {
 return jsAddSlowCase(callFrame, v1, v2);
 }
+#define InvalidPrototypeChain (std::numeric_limits::max())
+
 inline size_t normalizePrototypeChain(CallFrame* callFrame, JSValue base, JSValue slotBase, const Identifier& propertyName, PropertyOffset& slotOffset)
 {
 JSCell* cell = base.asCell();
 size_t count = 0;
 while (slotBase != cell) {
+ if (cell->isProxy())
+ return InvalidPrototypeChain;
+
 JSValue v = cell->structure()->prototypeForLookup(callFrame);
 // If we didn't find slotBase in base's prototype chain, then base
 // must be a proxy for another object.
 if (v.isNull())
- return 0;
+ return InvalidPrototypeChain;
 cell = v.asCell();
@@ -332,6 +338,9 @@ namespace JSC {
 {
 size_t count = 0;
 while (1) {
+ if (base->isProxy())
+ return InvalidPrototypeChain;
+
 JSValue v = base->structure()->prototypeForLookup(callFrame);
 if (v.isNull())
 return count;
-- cgit v1.2.1
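Review bot: The new `InvalidPrototypeChain` sentinel travels in the same `size_t` return value as a real chain length, so every caller of `normalizePrototypeChain` must compare the result against it before using it as a count. The first overload used to return 0 on failure, and the second overload (third hunk, signature outside the hunk) gains the same sentinel return. The callers are not part of this diff, so it cannot be confirmed from here that they were all updated; a caller left unchanged would treat the maximum `size_t` value as a chain length. I would define the sentinel as a typed constant rather than a `#define`, which the surrounding `namespace JSC` does not scope and which reaches every file that includes this header, e.g. `static const size_t InvalidPrototypeChain = std::numeric_limits<size_t>::max();`, and check that `<limits>` is included, since the include hunk adds only `JSProxy.h`. The retained comment above `if (v.isNull())` also needs updating now that a proxy is rejected by the explicit `isProxy()` check, for example `// slotBase was not found on base's prototype chain; report the chain as invalid.`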