RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-28 08:35:09 +00:00
Code Issues Activity Actions

LibJS: Invalidate cached environment coordinate after delete in global

Browse source 
Fixes the bug in interpreter when cached environment coordinate is not
invalidated after `delete` operator usage on global `this`.
This commit is contained in:
Aliaksandr Kalenik 2023-06-24 15:24:19 +03:00 committed by Andreas Kling
parent 9d4dfc1061
commit 331f6a9e60
3 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibJS/Bytecode/Op.cpp
View file

@ -392,8 +392,10 @@ ThrowCompletionOr<void> GetVariable::execute_impl(Bytecode::Interpreter& interpr
auto const& string = interpreter.current_executable().get_identifier(m_identifier);
if (m_cached_environment_coordinate.has_value()) {
Environment* environment = nullptr;
bool coordinate_screwed_by_delete_in_global_environment = false;
if (m_cached_environment_coordinate->index == EnvironmentCoordinate::global_marker) {
environment = &interpreter.vm().current_realm()->global_environment();
coordinate_screwed_by_delete_in_global_environment = !TRY(environment->has_binding(string));
} else {
environment = vm.running_execution_context().lexical_environment;
for (size_t i = 0; i < m_cached_environment_coordinate->hops; ++i)
@ -401,7 +403,7 @@ ThrowCompletionOr<void> GetVariable::execute_impl(Bytecode::Interpreter& interpr
VERIFY(environment);
VERIFY(environment->is_declarative_environment());
}
if (!environment->is_permanently_screwed_by_eval()) {
if (!coordinate_screwed_by_delete_in_global_environment && !environment->is_permanently_screwed_by_eval()) {
return Reference { *environment, string, vm.in_strict_mode(), m_cached_environment_coordinate };
}
m_cached_environment_coordinate = {};