Object.freeze broken on latest Nightly
https://bugs.webkit.org/show_bug.cgi?id=80577
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
* runtime/Arguments.cpp:
(JSC::Arguments::defineOwnProperty):
- defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty.
* runtime/JSFunction.cpp:
(JSC::JSFunction::defineOwnProperty):
- for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
the object must be extensible; this is incorrect since these properties should already exist
on the object. In addition, it was asserting that the arguments/caller values must match the
corresponding magic data properties, but for strict mode function this is incorrect. Instead,
just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
LayoutTests:
* fast/js/preventExtensions-expected.txt:
* fast/js/script-tests/preventExtensions.js:
(shouldBeTrue):
(shouldBeFalse.shouldBeFalse.preventExtensionsFreezeIsFrozen):
- Added test cases.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111250 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/Arguments.cpp b/Source/JavaScriptCore/runtime/Arguments.cpp
index 7a53ec1..e5f54c2 100644
--- a/Source/JavaScriptCore/runtime/Arguments.cpp
+++ b/Source/JavaScriptCore/runtime/Arguments.cpp
@@ -306,6 +306,7 @@
bool isArrayIndex;
unsigned i = propertyName.toArrayIndex(isArrayIndex);
if (isArrayIndex && i < thisObject->d->numArguments) {
+ object->putDirect(exec->globalData(), propertyName, thisObject->argument(i).get(), 0);
if (!Base::defineOwnProperty(object, exec, propertyName, descriptor, shouldThrow))
return false;
@@ -331,35 +332,16 @@
thisObject->d->deletedArguments[i] = true;
}
}
-
return true;
}
if (propertyName == exec->propertyNames().length && !thisObject->d->overrodeLength) {
+ thisObject->putDirect(exec->globalData(), propertyName, jsNumber(thisObject->d->numArguments), DontEnum);
thisObject->d->overrodeLength = true;
- if (!descriptor.isAccessorDescriptor()) {
- if (!descriptor.value())
- descriptor.setValue(jsNumber(thisObject->d->numArguments));
- if (!descriptor.configurablePresent())
- descriptor.setConfigurable(true);
- }
- if (!descriptor.configurablePresent())
- descriptor.setConfigurable(true);
- }
-
- if (propertyName == exec->propertyNames().callee && !thisObject->d->overrodeCallee) {
+ } else if (propertyName == exec->propertyNames().callee && !thisObject->d->overrodeCallee) {
+ thisObject->putDirect(exec->globalData(), propertyName, thisObject->d->callee.get(), DontEnum);
thisObject->d->overrodeCallee = true;
- if (!descriptor.isAccessorDescriptor()) {
- if (!descriptor.value())
- descriptor.setValue(thisObject->d->callee.get());
- if (!descriptor.configurablePresent())
- descriptor.setConfigurable(true);
- }
- if (!descriptor.configurablePresent())
- descriptor.setConfigurable(true);
- }
-
- if (propertyName == exec->propertyNames().caller && thisObject->d->isStrictMode)
+ } else if (propertyName == exec->propertyNames().caller && thisObject->d->isStrictMode)
thisObject->createStrictModeCallerIfNecessary(exec);
return Base::defineOwnProperty(object, exec, propertyName, descriptor, shouldThrow);
