RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 11:28:12 +00:00
Code Issues Activity Actions

LibJS: Invalidate cached environment coordinate after delete in global

Browse source 
Fixes the bug in interpreter when cached environment coordinate is not
invalidated after `delete` operator usage on global `this`.
This commit is contained in:
Aliaksandr Kalenik 2023-06-24 15:24:19 +03:00 committed by Andreas Kling
parent 9d4dfc1061
commit 331f6a9e60
3 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibJS/AST.cpp
View file

@ -1497,8 +1497,10 @@ ThrowCompletionOr<Reference> Identifier::to_reference(Interpreter& interpreter)
{
if (m_cached_environment_coordinate.is_valid()) {
Environment* environment = nullptr;
bool coordinate_screwed_by_delete_in_global_environment = false;
if (m_cached_environment_coordinate.index == EnvironmentCoordinate::global_marker) {
environment = &interpreter.vm().current_realm()->global_environment();
coordinate_screwed_by_delete_in_global_environment = !TRY(environment->has_binding(string()));
} else {
environment = interpreter.vm().running_execution_context().lexical_environment;
for (size_t i = 0; i < m_cached_environment_coordinate.hops; ++i)
@ -1506,7 +1508,7 @@ ThrowCompletionOr<Reference> Identifier::to_reference(Interpreter& interpreter)
VERIFY(environment);
VERIFY(environment->is_declarative_environment());
}
if (!environment->is_permanently_screwed_by_eval()) {
if (!coordinate_screwed_by_delete_in_global_environment && !environment->is_permanently_screwed_by_eval()) {
return Reference { *environment, string(), interpreter.vm().in_strict_mode(), m_cached_environment_coordinate };
}
m_cached_environment_coordinate = {};