From 79a2392b793b6aee0df418442cba98404319e07d Mon Sep 17 00:00:00 2001 From: Robert Fancsik Date: Mon, 18 Jan 2021 12:10:49 +0100 Subject: [PATCH] Remove template array flag from arrays after the collection is freed (#4500) This patch fixes #4469. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu --- .../ecma/base/ecma-helpers-collection.c | 4 +-- .../es.next/regression-test-issue-4469.js | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 tests/jerry/es.next/regression-test-issue-4469.js diff --git a/jerry-core/ecma/base/ecma-helpers-collection.c b/jerry-core/ecma/base/ecma-helpers-collection.c index b92ada32c..7ba90c359 100644 --- a/jerry-core/ecma/base/ecma-helpers-collection.c +++ b/jerry-core/ecma/base/ecma-helpers-collection.c @@ -96,7 +96,7 @@ ecma_collection_free_template_literal (ecma_collection_t *collection_p) /**< val ecma_extended_object_t *array_object_p = (ecma_extended_object_t *) object_p; JERRY_ASSERT (array_object_p->u.array.length_prop_and_hole_count & ECMA_ARRAY_TEMPLATE_LITERAL); - array_object_p->u.array.length_prop_and_hole_count &= (uint32_t) ECMA_ARRAY_TEMPLATE_LITERAL; + array_object_p->u.array.length_prop_and_hole_count &= (uint32_t) ~ECMA_ARRAY_TEMPLATE_LITERAL; ecma_property_value_t *property_value_p; @@ -108,7 +108,7 @@ ecma_collection_free_template_literal (ecma_collection_t *collection_p) /**< val array_object_p = (ecma_extended_object_t *) raw_object_p; JERRY_ASSERT (array_object_p->u.array.length_prop_and_hole_count & ECMA_ARRAY_TEMPLATE_LITERAL); - array_object_p->u.array.length_prop_and_hole_count &= (uint32_t) ECMA_ARRAY_TEMPLATE_LITERAL; + array_object_p->u.array.length_prop_and_hole_count &= (uint32_t) ~ECMA_ARRAY_TEMPLATE_LITERAL; ecma_deref_object (raw_object_p); ecma_deref_object (object_p); diff --git a/tests/jerry/es.next/regression-test-issue-4469.js b/tests/jerry/es.next/regression-test-issue-4469.js new file mode 100644 index 000000000..e7969bc99 --- /dev/null +++ b/tests/jerry/es.next/regression-test-issue-4469.js @@ -0,0 +1,36 @@ +// Copyright JS Foundation and other contributors, http://js.foundation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +function assertArrayEquals(array1, array2) { + if (array1.length !== array2.length) { + return false; + } + + for (var i = 0; i < array1.length; i++) { + if (array1[i] !== array2[i]) { + return false; + } + } + + return true; +} + +function tag(site){ + return site; +} + +var site1 = eval("tag`Cocoa`"); +var site3 = eval("tag`Cocoa`"); + +assertArrayEquals(site1, site3);