Modified: trunk/JSTests/ChangeLog (249163 => 249164)
--- trunk/JSTests/ChangeLog 2019-08-27 20:00:31 UTC (rev 249163)
+++ trunk/JSTests/ChangeLog 2019-08-27 20:10:40 UTC (rev 249164)
@@ -1,3 +1,13 @@
+2019-08-27 Mark Lam <mark....@apple.com>
+
+ constructFunctionSkippingEvalEnabledCheck() should use tryMakeString() and check for OOM.
+ https://bugs.webkit.org/show_bug.cgi?id=201196
+ <rdar://problem/54703775>
+
+ Reviewed by Yusuke Suzuki.
+
+ * stress/constructFunctionSkippingEvalEnabledCheck-should-throw-out-of-memory-error.js: Added.
+
2019-08-26 Ross Kirsling <ross.kirsl...@sony.com>
[JSC] Ensure x?.y ?? z is fast
Added: trunk/JSTests/stress/constructFunctionSkippingEvalEnabledCheck-should-throw-out-of-memory-error.js (0 => 249164)
--- trunk/JSTests/stress/constructFunctionSkippingEvalEnabledCheck-should-throw-out-of-memory-error.js (rev 0)
+++ trunk/JSTests/stress/constructFunctionSkippingEvalEnabledCheck-should-throw-out-of-memory-error.js 2019-08-27 20:10:40 UTC (rev 249164)
@@ -0,0 +1,10 @@
+var exception;
+try {
+ Function('a'.repeat(2147483623));
+} catch (e) {
+ exception = e;
+}
+
+if (exception != "Error: Out of memory")
+ throw "FAILED";
+
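Review bot: The length in `Function('a'.repeat(2147483623))` is an unexplained magic number, and the test reaches only the single-argument path of the constructor. The value looks chosen so that the body alone still fits in a string while the concatenated program source does not; a comment such as `// Body fits in a String, but prefix + name + "() {\n" + body + "\n}" exceeds the maximum string length.` would tell the next reader why changing it breaks the test. The StringBuilder overflow branches in the same function are not exercised here, so a second case that passes more than one argument would pin those as well. Because the test materialises a string of over two billion characters, consider whether it needs a `//@ skip if $memoryLimited` directive for constrained test bots.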
Modified: trunk/Source/_javascript_Core/ChangeLog (249163 => 249164)
--- trunk/Source/_javascript_Core/ChangeLog 2019-08-27 20:00:31 UTC (rev 249163)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-08-27 20:10:40 UTC (rev 249164)
@@ -1,3 +1,14 @@
+2019-08-27 Mark Lam <mark....@apple.com>
+
+ constructFunctionSkippingEvalEnabledCheck() should use tryMakeString() and check for OOM.
+ https://bugs.webkit.org/show_bug.cgi?id=201196
+ <rdar://problem/54703775>
+
+ Reviewed by Yusuke Suzuki.
+
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+
2019-08-27 Keith Miller <keith_mil...@apple.com>
When dumping Air Graphs BBQ should dump patchpoints.
Modified: trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp (249163 => 249164)
--- trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2019-08-27 20:00:31 UTC (rev 249163)
+++ trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2019-08-27 20:10:40 UTC (rev 249164)
@@ -109,7 +109,11 @@
else if (args.size() == 1) {
auto body = args.at(0).toWTFString(exec);
RETURN_IF_EXCEPTION(scope, nullptr);
- program = makeString(prefix, functionName.string(), "() {\n", body, "\n}");
+ program = tryMakeString(prefix, functionName.string(), "() {\n", body, "\n}");
+ if (UNLIKELY(!program)) {
+ throwOutOfMemoryError(exec, scope);
+ return nullptr;
+ }
} else {
StringBuilder builder(StringBuilder::OverflowHandler::RecordOverflow);
builder.append(prefix, functionName.string(), '(');
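Review bot: The new `if (UNLIKELY(!program))` check after `tryMakeString()` carries no comment saying why this one concatenation must be fallible, so a later cleanup could fold it back into `makeString()`. `body` comes straight from script and its length is limited only by the string maximum, and makeString() turns an overflow into a process crash rather than a catchable exception; a line such as `// body is script-controlled; makeString() would crash on overflow instead of throwing.` above the call records that. The branch before `else if (args.size() == 1)` lies outside the hunk; if it still builds `program` with makeString(), confirm that none of its inputs can be made large by the caller. The enclosing function starts and ends outside the hunk.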
@@ -122,7 +126,7 @@
RETURN_IF_EXCEPTION(scope, nullptr);
builder.append(", ", viewWithString.view);
}
- if (builder.hasOverflowed()) {
+ if (UNLIKELY(builder.hasOverflowed())) {
throwOutOfMemoryError(exec, scope);
return nullptr;
}
@@ -132,7 +136,7 @@
auto body = args.at(args.size() - 1).toString(exec)->viewWithUnderlyingString(exec);
RETURN_IF_EXCEPTION(scope, nullptr);
builder.append(") {\n", body.view, "\n}");
- if (builder.hasOverflowed()) {
+ if (UNLIKELY(builder.hasOverflowed())) {
throwOutOfMemoryError(exec, scope);
return nullptr;
}