Title: [248694] trunk
Revision: 248694
Author: mark....@apple.com
Date: 2019-08-14 16:36:28 -0700 (Wed, 14 Aug 2019)

Log Message

Missing exception check in string compare.
https://bugs.webkit.org/show_bug.cgi?id=200743
<rdar://problem/53975356>

Reviewed by Michael Saboff.

JSTests:

* stress/missing-exception-check-in-string-compare.js: Added.

Source/JavaScriptCore:

* runtime/JSString.cpp:
(JSC::JSString::equalSlowCase const):

Diff

Modified: trunk/JSTests/ChangeLog (248693 => 248694)


--- trunk/JSTests/ChangeLog	2019-08-14 23:33:24 UTC (rev 248693)
+++ trunk/JSTests/ChangeLog	2019-08-14 23:36:28 UTC (rev 248694)
@@ -1,3 +1,13 @@
+2019-08-14  Mark Lam  <mark....@apple.com>
+
+        Missing exception check in string compare.
+        https://bugs.webkit.org/show_bug.cgi?id=200743
+        <rdar://problem/53975356>
+
+        Reviewed by Michael Saboff.
+
+        * stress/missing-exception-check-in-string-compare.js: Added.
+
 2019-08-08  Ross Kirsling  <ross.kirsl...@sony.com>
 
         [JSC] Add "jump if (not) undefined or null" bytecode ops

Added: trunk/JSTests/stress/missing-exception-check-in-string-compare.js (0 => 248694)


--- trunk/JSTests/stress/missing-exception-check-in-string-compare.js	                        (rev 0)
+++ trunk/JSTests/stress/missing-exception-check-in-string-compare.js	2019-08-14 23:36:28 UTC (rev 248694)
@@ -0,0 +1,9 @@
+const s1 = (-1).toLocaleString().padEnd(2**31-1, 'aa');
+try {
+    s1 == s1;
+} catch (e) {
+    exception = e;
+}
+
+if (exception != "Error: Out of memory")
+    throw "FAILED";
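
Review bot: `exception` is assigned in the catch block and read in the final `if` without ever being declared, so if the comparison stops throwing, the check `exception != "Error: Out of memory"` raises a ReferenceError instead of reaching `throw "FAILED"`. Declaring `let exception;` before the `try` keeps the failure mode explicit and avoids creating an implicit global. The comparison also relies on the error object being coerced to a string; comparing `String(exception)` would state that intent directly.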

Modified: trunk/Source/JavaScriptCore/ChangeLog (248693 => 248694)


--- trunk/Source/_javascript_Core/ChangeLog	2019-08-14 23:33:24 UTC (rev 248693)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-08-14 23:36:28 UTC (rev 248694)
@@ -1,3 +1,14 @@
+2019-08-14  Mark Lam  <mark....@apple.com>
+
+        Missing exception check in string compare.
+        https://bugs.webkit.org/show_bug.cgi?id=200743
+        <rdar://problem/53975356>
+
+        Reviewed by Michael Saboff.
+
+        * runtime/JSString.cpp:
+        (JSC::JSString::equalSlowCase const):
+
 2019-08-14  Yusuke Suzuki  <ysuz...@apple.com>
 
         Unreviewed, build fix for MacroAssemblerARM64E change
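
Review bot: the new entry lists `JSC::JSString::equalSlowCase const` with no description after it, so the log alone does not say which call was left unchecked or what could go wrong. One sentence under the function name, noting that the first `value(exec)` can throw and was not followed by an exception check, would make the entry useful without opening the bug.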

Modified: trunk/Source/JavaScriptCore/runtime/JSString.cpp (248693 => 248694)


--- trunk/Source/_javascript_Core/runtime/JSString.cpp	2019-08-14 23:33:24 UTC (rev 248693)
+++ trunk/Source/_javascript_Core/runtime/JSString.cpp	2019-08-14 23:36:28 UTC (rev 248694)
@@ -96,6 +96,7 @@
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     String str1 = value(exec);
+    RETURN_IF_EXCEPTION(scope, false);
     String str2 = other->value(exec);
     RETURN_IF_EXCEPTION(scope, false);
     return WTF::equal(*str1.impl(), *str2.impl());
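
Review bot: the accompanying test compares `s1 == s1`, so a throw from the first `value(exec)` returns at the added check and the `other->value(exec)` line with its existing `RETURN_IF_EXCEPTION(scope, false);` is never reached. A second test case where only the right-hand operand is the oversized string would cover both exits. With both in place, `*str1.impl()` and `*str2.impl()` are dereferenced only after each call has been checked.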