From a1dbf7f01579f3a0d0d541ffb15af98f05bf08c0 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Wed, 19 Aug 2020 12:43:23 +0000 Subject: [PATCH] Fixed njs_property_query() while quering symbol keys. Since 37f1f20de909, njs_object_hash_test() requires lhq->key.start to be NULL to avoid hash collisions. The field is zeroed by njs_property_query_init(), but the field still might be non-zero when njs_property_query() is called inside a loop. The fix is to ensure lhq->key.start == NULL for symbol keys. This closes #268 issue on Github. --- src/njs_value.c | 1 + src/test/njs_unit_test.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/src/njs_value.c b/src/njs_value.c index fc2fbd49..4a1756fa 100644 --- a/src/njs_value.c +++ b/src/njs_value.c @@ -568,6 +568,7 @@ njs_property_query(njs_vm_t *vm, njs_property_query_t *pq, njs_value_t *value, if (njs_is_symbol(key)) { pq->lhq.key_hash = njs_symbol_key(key); + pq->lhq.key.start = NULL; } else { njs_string_get(&pq->key, &pq->lhq.key); diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c index d8dcddd4..3f7f0412 100644 --- a/src/test/njs_unit_test.c +++ b/src/test/njs_unit_test.c @@ -13151,6 +13151,10 @@ static njs_unit_test_t njs_test[] = "[m.hasOwnProperty('abs'), delete m.abs, m.abs(-1)]"), njs_str("true,true,1") }, + { njs_str("var Q = Object.create({}, {a: {value: 'AAA'}, [Symbol.toStringTag]:{value: 'TAG'}});" + "Q[Symbol.toStringTag]"), + njs_str("TAG") }, + { njs_str("Object.getOwnPropertyDescriptor({a:1}, 'a').value"), njs_str("1") }, -- 2.47.3