From da2299d27770d352956eb6ce5dd3fda2cec987f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20G=C3=A1l?= Date: Thu, 17 Sep 2020 15:23:37 +0200 Subject: [PATCH] Convert fast array to normal array when the prototype is changed (#4198) If the prototype of a fast array is changed, for example to a Proxy object, the array should be converted back to a normal array. This is required to correctly handle any [[Get]]/[[Set]]/etc... calls which should trigger these method calls on the before mentioned Proxy object. JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com --- jerry-core/ecma/operations/ecma-objects.c | 10 ++++++++++ tests/test262-esnext-excludelist.xml | 1 - 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/jerry-core/ecma/operations/ecma-objects.c b/jerry-core/ecma/operations/ecma-objects.c index c9e6071a2..097bc7954 100644 --- a/jerry-core/ecma/operations/ecma-objects.c +++ b/jerry-core/ecma/operations/ecma-objects.c @@ -2924,6 +2924,16 @@ ecma_op_ordinary_object_set_prototype_of (ecma_object_t *obj_p, /**< base object /* 1. */ JERRY_ASSERT (ecma_is_value_object (proto) || ecma_is_value_null (proto)); + /** + * If the prototype of a fast array changes it is required to fall back to + * a "normal" array object. This ensures that all [[Get]]/[[Set]]/etc. calls + * works as expected. + */ + if (ecma_op_object_is_fast_array (obj_p)) + { + ecma_fast_array_convert_to_normal (obj_p); + } + /* 3. */ ecma_object_t *current_proto_p = ECMA_GET_POINTER (ecma_object_t, ecma_op_ordinary_object_get_prototype_of (obj_p)); ecma_object_t *new_proto_p = ecma_is_value_null (proto) ? NULL : ecma_get_object_from_value (proto); diff --git a/tests/test262-esnext-excludelist.xml b/tests/test262-esnext-excludelist.xml index f94d46b07..822d7fe12 100644 --- a/tests/test262-esnext-excludelist.xml +++ b/tests/test262-esnext-excludelist.xml @@ -988,7 +988,6 @@ -