JavaScriptCore:
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Sep 2008 00:07:29 +0000 (00:07 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Sep 2008 00:07:29 +0000 (00:07 +0000)
commitc837b229780c9f82dc2e3cabb2aa04bf1e22f010
tree06a36ef58965931dfea4f5578d01b20d703993ae
parente670f413060c9f1d027c9ab5e333e0f98702808a
JavaScriptCore:

2008-09-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
        <rdar://problem/6243534>
        Crash below Function.apply when using a runtime array as the argument list

        Test: plugins/bindings-array-apply-crash.html

        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from
        JSArray (via ClassInfo) but is not a JSArray.

WebKitTools:

2008-09-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
        <rdar://problem/6243534>
        Crash below Function.apply when using a runtime array as the argument list

        Add method to ObjCController to return a runtime array.

        * DumpRenderTree/mac/ObjCController.m:
        (+[ObjCController isSelectorExcludedFromWebScript:]):
        (+[ObjCController webScriptNameForSelector:]):
        (-[ObjCController testArray]):

LayoutTests:

2008-09-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Test for https://bugs.webkit.org/show_bug.cgi?id=21080
        <rdar://problem/6243534>
        Crash below Function.apply when using a runtime array as the argument list

        * platform/mac/plugins/bindings-array-apply-crash-expected.txt: Added.
        * platform/mac/plugins/bindings-array-apply-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@36875 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/kjs/FunctionPrototype.cpp
LayoutTests/ChangeLog
LayoutTests/platform/mac/plugins/bindings-array-apply-crash-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac/plugins/bindings-array-apply-crash.html [new file with mode: 0644]
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/mac/ObjCController.m