ASSIGNED252228
constructFunctionSkippingEvalEnabledCheck() should use structureGlobalObject. 
https://bugs.webkit.org/show_bug.cgi?id=252228
Summary constructFunctionSkippingEvalEnabledCheck() should use structureGlobalObject.
Mark Lam
Reported 2023-02-13 21:56:10 PST
constructFunctionSkippingEvalEnabledCheck() is instantiating JSFunction, JSGeneratorFunction, JSAsyncFunction, and JSAsyncGeneratorFunction with a structure from potentially another realm. Hence, it should use the scope object from that realm as well.
Attachments
Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2023-02-13 21:58:01 PST
<rdar://problem/105434457>
Radar WebKit Bug Importer
Comment 2 2023-02-13 21:59:38 PST
<rdar://problem/105434535>
Mark Lam
Comment 3 2023-02-13 22:00:59 PST
<rdar://problem/105434457>
Mark Lam
Comment 4 2023-02-13 22:01:42 PST
Pull request: https://github.com/WebKit/WebKit/pull/10073
Note You need to log in before you can comment on or make changes to this bug.