Modified: trunk/Source/_javascript_Core/ChangeLog (262385 => 262386)
--- trunk/Source/_javascript_Core/ChangeLog 2020-06-01 18:20:54 UTC (rev 262385)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-06-01 18:21:47 UTC (rev 262386)
@@ -1,3 +1,20 @@
+2020-06-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ [JSC] BigInt operations should handle exception correctly
+ https://bugs.webkit.org/show_bug.cgi?id=212596
+
+ Reviewed by Mark Lam.
+
+ Some places miss exception check / explicit scope-release while BigInt operations can now throw an exception.
+ This patch adds them. They are covered by existing stress tests with Debug build.
+
+ * runtime/Operations.h:
+ (JSC::compareBigIntToOtherPrimitive):
+ (JSC::compareBigInt32ToOtherPrimitive):
+ (JSC::jsInc):
+ (JSC::jsDec):
+ (JSC::jsBitwiseNot):
+
2020-05-31 Michael Saboff <msab...@apple.com>
Consider a Thread Specific Cache for AssemblerBuffers
Modified: trunk/Source/_javascript_Core/runtime/Operations.h (262385 => 262386)
--- trunk/Source/_javascript_Core/runtime/Operations.h 2020-06-01 18:20:54 UTC (rev 262385)
+++ trunk/Source/_javascript_Core/runtime/Operations.h 2020-06-01 18:21:47 UTC (rev 262386)
@@ -266,8 +266,10 @@
ASSERT(!primValue.isBigInt());
if (primValue.isString()) {
- JSValue bigIntValue = JSBigInt::stringToBigInt(globalObject, asString(primValue)->value(globalObject));
+ String string = asString(primValue)->value(globalObject);
RETURN_IF_EXCEPTION(scope, JSBigInt::ComparisonResult::Undefined);
+ JSValue bigIntValue = JSBigInt::stringToBigInt(globalObject, string);
+ RETURN_IF_EXCEPTION(scope, JSBigInt::ComparisonResult::Undefined);
if (!bigIntValue)
return JSBigInt::ComparisonResult::Undefined;
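Review bot: The six added lines here are repeated verbatim in the second hunk (the compareBigInt32ToOtherPrimitive variant, going by the ChangeLog), so the split read / check / parse / check sequence now lives in two places and any future change to how a string operand is turned into a BigInt must be made twice; a small helper that returns the parsed `bigIntValue` (with the same two exception checks inside it) would leave a single copy. Independently of that, the reason for the split is not obvious from the new code, so a why-comment on the `String string = ...` line would help the next reader: `// value() can throw, so check before handing the string to stringToBigInt.` Both compare functions start and end outside their hunks, so whether the code after `if (!bigIntValue)` needs any further exception check cannot be judged from this diff.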
@@ -304,8 +306,10 @@
};
if (primValue.isString()) {
- JSValue bigIntValue = JSBigInt::stringToBigInt(globalObject, asString(primValue)->value(globalObject));
+ String string = asString(primValue)->value(globalObject);
RETURN_IF_EXCEPTION(scope, JSBigInt::ComparisonResult::Undefined);
+ JSValue bigIntValue = JSBigInt::stringToBigInt(globalObject, string);
+ RETURN_IF_EXCEPTION(scope, JSBigInt::ComparisonResult::Undefined);
if (!bigIntValue)
return JSBigInt::ComparisonResult::Undefined;
@@ -639,7 +643,7 @@
#if USE(BIGINT32)
if (operandNumeric.isBigInt32())
- return JSBigInt::inc(globalObject, operandNumeric.bigInt32AsInt32());
+ RELEASE_AND_RETURN(scope, JSBigInt::inc(globalObject, operandNumeric.bigInt32AsInt32()));
#endif
ASSERT(operandNumeric.isHeapBigInt());
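Review bot: Only the BigInt32 branch is switched to `RELEASE_AND_RETURN`; the heap-BigInt path that follows the `ASSERT(operandNumeric.isHeapBigInt())` line is outside the hunk, and if it likewise returns the result of a throwing JSBigInt call directly, it would need the same treatment for the scope to be consistent across both return paths — worth confirming, since this diff cannot show it. The same applies to the jsDec and jsBitwiseNot hunks below, which make the identical change. Since the macro's purpose here is non-obvious, a comment above the `#if USE(BIGINT32)` block such as `// BigInt operations can throw; release the scope so the caller's exception check observes it.` would document why a plain `return` is no longer acceptable. jsInc's body starts and ends outside this hunk.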
@@ -659,7 +663,7 @@
#if USE(BIGINT32)
if (operandNumeric.isBigInt32())
- return JSBigInt::dec(globalObject, operandNumeric.bigInt32AsInt32());
+ RELEASE_AND_RETURN(scope, JSBigInt::dec(globalObject, operandNumeric.bigInt32AsInt32()));
#endif
ASSERT(operandNumeric.isHeapBigInt());
@@ -679,7 +683,7 @@
#if USE(BIGINT32)
if (operandNumeric.isBigInt32())
- return JSBigInt::bitwiseNot(globalObject, operandNumeric.bigInt32AsInt32());
+ RELEASE_AND_RETURN(scope, JSBigInt::bitwiseNot(globalObject, operandNumeric.bigInt32AsInt32()));
#endif
ASSERT(operandNumeric.isHeapBigInt());