Bug 252228

Summary:	constructFunctionSkippingEvalEnabledCheck() should use structureGlobalObject.
Product:	WebKit	Reporter:	Mark Lam <mark.lam>
Component:	JavaScriptCore	Assignee:	Mark Lam <mark.lam>
Status:	ASSIGNED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Mark Lam

Reported 2023-02-13 21:56:10 PST

constructFunctionSkippingEvalEnabledCheck() is instantiating JSFunction, JSGeneratorFunction, JSAsyncFunction, and JSAsyncGeneratorFunction with a structure from potentially another realm. Hence, it should use the scope object from that realm as well.

Attachments
Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2023-02-13 21:58:01 PST

<rdar://problem/105434457>

Radar WebKit Bug Importer

Comment 2 2023-02-13 21:59:38 PST

<rdar://problem/105434535>

Mark Lam

Comment 3 2023-02-13 22:00:59 PST

<rdar://problem/105434457>

Mark Lam

Comment 4 2023-02-13 22:01:42 PST

Pull request: https://github.com/WebKit/WebKit/pull/10073

Note You need to log in before you can comment on or make changes to this bug.