Changeset 101539 in webkit for trunk/Source/JavaScriptCore/API


Timestamp:
Nov 30, 2011, 11:36:43 AM (14 years ago)
Author:
[email protected]
Message:

toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
https://bugs.webkit.org/show_bug.cgi?id=73368

Reviewed by Darin Adler.

We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
happens to be in the first class of the chain, which potentially could be null.

<rdar://problem/10493218>

  • API/JSCallbackFunction.cpp:

(JSC::JSCallbackFunction::toStringCallback):
(JSC::JSCallbackFunction::valueOfCallback):

File:
1 edited

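--- a/trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp
+++ b/trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp
@@ -88,8 +88,13 @@
 {
     JSObject* object = toJS(thisObject);
-    if (object->inherits(&JSCallbackObject<JSNonFinalObject>::s_info))
-        return jsCast<JSCallbackObject<JSNonFinalObject>*>(object)->classRef()->convertToType(ctx, thisObject, kJSTypeString, exception);
-    if (object->inherits(&JSCallbackObject<JSGlobalObject>::s_info))
-        return jsCast<JSCallbackObject<JSGlobalObject>*>(object)->classRef()->convertToType(ctx, thisObject, kJSTypeString, exception);
+    if (object->inherits(&JSCallbackObject<JSNonFinalObject>::s_info)) {
+        for (JSClassRef jsClass = jsCast<JSCallbackObject<JSNonFinalObject>*>(object)->classRef(); jsClass; jsClass = jsClass->parentClass)
+            if (jsClass->convertToType)
+                return jsClass->convertToType(ctx, thisObject, kJSTypeString, exception);
+    } else if (object->inherits(&JSCallbackObject<JSGlobalObject>::s_info)) {
+        for (JSClassRef jsClass = jsCast<JSCallbackObject<JSGlobalObject>*>(object)->classRef(); jsClass; jsClass = jsClass->parentClass)
+            if (jsClass->convertToType)
+                return jsClass->convertToType(ctx, thisObject, kJSTypeString, exception);
+    }
     return 0;
 }
@@ -98,8 +103,13 @@
 {
     JSObject* object = toJS(thisObject);
-    if (object->inherits(&JSCallbackObject<JSNonFinalObject>::s_info))
-        return jsCast<JSCallbackObject<JSNonFinalObject>*>(object)->classRef()->convertToType(ctx, thisObject, kJSTypeNumber, exception);
-    if (object->inherits(&JSCallbackObject<JSGlobalObject>::s_info))
-        return jsCast<JSCallbackObject<JSGlobalObject>*>(object)->classRef()->convertToType(ctx, thisObject, kJSTypeNumber, exception);
+    if (object->inherits(&JSCallbackObject<JSNonFinalObject>::s_info)) {
+        for (JSClassRef jsClass = jsCast<JSCallbackObject<JSNonFinalObject>*>(object)->classRef(); jsClass; jsClass = jsClass->parentClass)
+            if (jsClass->convertToType)
+                return jsClass->convertToType(ctx, thisObject, kJSTypeNumber, exception);
+    } else if (object->inherits(&JSCallbackObject<JSGlobalObject>::s_info)) {
+        for (JSClassRef jsClass = jsCast<JSCallbackObject<JSGlobalObject>*>(object)->classRef(); jsClass; jsClass = jsClass->parentClass)
+            if (jsClass->convertToType)
+                return jsClass->convertToType(ctx, thisObject, kJSTypeNumber, exception);
+    }
     return 0;
 }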
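Review bot: When no class in the chain supplies convertToType, both loops fall through to `return 0;`, so the kJSTypeString function (toStringCallback, per the commit message) hands a null JSValueRef to its caller without touching `exception`; the kJSTypeNumber function in the second hunk does the same. Whether the caller maps a null result to undefined is not visible on this page and should be confirmed, and a comment above the return such as `// No class in the chain implements convertToType; the caller must handle the null result.` would record that contract. The same chain walk is also written four times and differs only in the JSCallbackObject parent type and the JSType constant, so a single static helper would keep the null-callback check in one place. Both function signatures lie outside the hunks shown.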