RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 02:27:35 +00:00
Code Issues Activity Actions

LibJS: Remove Object(Object& prototype) footgun

Browse source 
This constructor was easily confused with a copy constructor, and it was
possible to accidentally copy-construct Objects in at least one way that
we dicovered (via generic ThrowCompletionOr construction).

This patch adds a mandatory ConstructWithPrototypeTag parameter to the
constructor to disambiguate it.
This commit is contained in:
Andreas Kling 2022-12-14 12:17:58 +01:00
parent 42b5c896e8
commit 4abdb68655
90 changed files with 100 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/ObjectConstructor.cpp
View file

@ -70,7 +70,7 @@ ThrowCompletionOr<Object*> ObjectConstructor::construct(FunctionObject& new_targ
auto& realm = *vm.current_realm();
if (&new_target != this)
return TRY(ordinary_create_from_constructor<Object>(vm, new_target, &Intrinsics::object_prototype));
return TRY(ordinary_create_from_constructor<Object>(vm, new_target, &Intrinsics::object_prototype, ConstructWithPrototypeTag::Tag));
auto value = vm.argument(0);
if (value.is_nullish())
return Object::create(realm, realm.intrinsics().object_prototype()).ptr();