GetDeferred() possibly needs to copy the Deferred record to protected against reentrancy issues in Deferred Construction Functions. For example in the following test case RejectIfAbrupt assumes deferred.[[Reject]] is a Callable object, but instead it is null.
function steal(r) {
// leak resolver to global object
resolver = r;
r(() => {}, () => {});
}
iterable = {
[Symbol.iterator]() {
// reset [[Resolve]] and [[Reject]]
resolver(null, null);
// Now trigger RejectIfAbrupt
throw 0;
}};
Promise.all.call(steal, iterable)
domenic
commented
10 years ago
GetDeferred() possibly needs to copy the Deferred record to protected against reentrancy issues in Deferred Construction Functions. For example in the following test case RejectIfAbrupt assumes deferred.[[Reject]] is a Callable object, but instead it is
null.