Commit 2e144750 authored by Jan de Mooij's avatar Jan de Mooij

Bug 1412654 - Only allow cloning normal functions in CloneFunctionObject. r=evilpie

parent 77861963
+4 −0
// |jit-test| error: can't clone
var gv = newGlobal();
gv.f = (class get {});
gv.eval('f = clone(f);');
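Review bot: Only the class-constructor case is covered by this test, so the other conditions in the new CloneFunctionObject guard can regress unnoticed. `class get {}` presumably reaches the `fun->kind() != JSFunction::NormalFunction` check, while the `isBoundFunction()` and `isExtended()` conditions have no case that expects "can't clone". Because the `|jit-test| error:` directive appears to match a single uncaught error per file, those cases would most likely need sibling test files, for example one that clones a bound function and one that clones an arrow function or method. The file would also benefit from a header comment saying what it guards, such as `// Bug 1412654: clone() must reject functions that are not normal interpreted functions.`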
+6 −6
@@ -3732,7 +3732,12 @@ CloneFunctionObject(JSContext* cx, HandleObject funobj, HandleObject env, Handle
            return nullptr;
    }

    if (fun->isNative()) {
    // Only allow cloning normal, interpreted functions.
    if (fun->isNative() ||
        fun->isBoundFunction() ||
        fun->kind() != JSFunction::NormalFunction ||
        fun->isExtended())
    {
        JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_CLONE_OBJECT);
        return nullptr;
    }
@@ -3742,11 +3747,6 @@ CloneFunctionObject(JSContext* cx, HandleObject funobj, HandleObject env, Handle
        return nullptr;
    }

    if (fun->isBoundFunction()) {
        JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_CLONE_OBJECT);
        return nullptr;
    }

    if (CanReuseScriptForClone(cx->compartment(), fun, env)) {
        // If the script is to be reused, either the script can already handle
        // non-syntactic scopes, or there is only the standard global lexical