Cannot login to iCloud
author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 May 2012 03:43:54 +0000 (03:43 +0000)
committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 May 2012 03:43:54 +0000 (03:43 +0000)
https://bugs.webkit.org/show_bug.cgi?id=86321

Reviewed by Filip Pizlo.

This is a bug introduced by bug#85853, we shouldn't allow assignment to
the prototype property of functions to be cached, since we need to clear
the cached inheritorID.

* runtime/JSFunction.cpp:
(JSC::JSFunction::put):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@117025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSFunction.cpp

index 6a1ffb0..9882090 100644 (file)
@@ -1,3 +1,17 @@
+2012-05-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Cannot login to iCloud
+        https://bugs.webkit.org/show_bug.cgi?id=86321
+
+        Reviewed by Filip Pizlo.
+
+        This is a bug introduced by bug#85853, we shouldn't allow assignment to
+        the prototype property of functions to be cached, since we need to clear
+        the cached inheritorID.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::put):
+
 2012-05-14  Michael Saboff  <msaboff@apple.com>
 
         Enh: Add the Ability to Disable / Enable JavaScript GC Timer
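Review bot: the new ChangeLog entry at the top of this hunk lists no regression test, and its title ("Cannot login to iCloud") names the symptom rather than the defect. The description says the problem is that a cached assignment to a function's prototype property skips clearing the cached inheritorID, so consider a title that mentions the put caching and a line for a test that exercises repeated assignment to a function's prototype.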
index 7e5b4b1..f2d9c81 100644 (file)
@@ -343,6 +343,10 @@ void JSFunction::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
         PropertySlot slot;
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
         thisObject->m_cachedInheritorID.clear();
+        // Don't allow this to be cached, since a [[Put]] must clear m_cachedInheritorID.
+        PutPropertySlot dontCache;
+        Base::put(thisObject, exec, propertyName, value, dontCache);
+        return;
     }
     if (thisObject->jsExecutable()->isStrictMode() && (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().caller)) {
         // This will trigger the property to be reified, if this is not already the case!
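Review bot: in the lines added after `thisObject->m_cachedInheritorID.clear();`, the write goes through a local `PutPropertySlot dontCache` followed by an early return, so the slot supplied by the caller is left untouched on this path, and the comment should say that this is what prevents the caller from caching the put. That is not obvious from `Base::put(thisObject, exec, propertyName, value, dontCache);` alone. It is also worth confirming that callers always treat an unset slot as uncacheable, and adding a regression test that assigns to a function's prototype in a loop hot enough to be cached and then checks that newly constructed objects pick up the latest prototype.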