Title: [207235] trunk
Revision
207235
Author
keith_mil...@apple.com
Date
2016-10-12 12:40:51 -0700 (Wed, 12 Oct 2016)

Log Message

Handle non-function, non-undefined comparator in Array.prototype.sort
https://bugs.webkit.org/show_bug.cgi?id=163085

Reviewed by Yusuke Suzuki.

JSTests:

* ChakraCore/test/Array/array_sort.baseline-jsc:
* stress/array-sort-bad-comparator.js: Added.
(test):

Source/_javascript_Core:

* builtins/ArrayPrototype.js:
(sort.comparatorSort):
(sort.stringSort):
(sort):

Modified Paths

Added Paths

Diff

Modified: trunk/JSTests/ChakraCore/test/Array/array_sort.baseline-jsc (207234 => 207235)


--- trunk/JSTests/ChakraCore/test/Array/array_sort.baseline-jsc	2016-10-12 19:35:55 UTC (rev 207234)
+++ trunk/JSTests/ChakraCore/test/Array/array_sort.baseline-jsc	2016-10-12 19:40:51 UTC (rev 207235)
@@ -7,4 +7,5 @@
 1,2,3
 10
 1,1.2,4,4.8,12
+TypeError: Array.prototype.sort requires the comparsion function be a function or undefined
 1,2,3

Modified: trunk/JSTests/ChangeLog (207234 => 207235)


--- trunk/JSTests/ChangeLog	2016-10-12 19:35:55 UTC (rev 207234)
+++ trunk/JSTests/ChangeLog	2016-10-12 19:40:51 UTC (rev 207235)
@@ -1,3 +1,14 @@
+2016-10-12  Keith Miller  <keith_mil...@apple.com>
+
+        Handle non-function, non-undefined comparator in Array.prototype.sort
+        https://bugs.webkit.org/show_bug.cgi?id=163085
+
+        Reviewed by Yusuke Suzuki.
+
+        * ChakraCore/test/Array/array_sort.baseline-jsc:
+        * stress/array-sort-bad-comparator.js: Added.
+        (test):
+
 2016-10-12  Mark Lam  <mark....@apple.com>
 
         Array.prototype.slice should not modify frozen objects.

Added: trunk/JSTests/stress/array-sort-bad-comparator.js (0 => 207235)


--- trunk/JSTests/stress/array-sort-bad-comparator.js	                        (rev 0)
+++ trunk/JSTests/stress/array-sort-bad-comparator.js	2016-10-12 19:40:51 UTC (rev 207235)
@@ -0,0 +1,28 @@
+//@ runDefault
+
+function test() {
+    try {
+        [1,2].sort(null);
+        return false;
+        } catch (enull) {}
+    try {
+        [1,2].sort(true);
+        return false;
+        } catch (etrue) {}
+    try {
+        [1,2].sort({});
+        return false;
+    } catch (eobj) {}
+    try {
+        [1,2].sort([]);
+        return false;
+    } catch (earr) {}
+    try {
+        [1,2].sort(/a/g);
+        return false;
+    } catch (eregex) {}
+    return true;
+}
+
+if(!test())
+    throw new Error("Bad result");
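Review bot: Every `catch` in test() swallows whatever was thrown, so the test passes on any exception rather than only on the TypeError this change introduces; an unrelated failure inside sort would go unnoticed. Checking the type in each handler, e.g. `} catch (e) { if (!(e instanceof TypeError)) return false; }`, pins the intended behaviour. All five cases use a two-element array, so the `length < 2` early return in sort() is never exercised with a bad comparator; a case such as `[1].sort(null)` would record which outcome is intended there. The closing braces of the first two `try` blocks are also indented one level deeper than the other three.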

Modified: trunk/Source/_javascript_Core/ChangeLog (207234 => 207235)


--- trunk/Source/_javascript_Core/ChangeLog	2016-10-12 19:35:55 UTC (rev 207234)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-10-12 19:40:51 UTC (rev 207235)
@@ -1,3 +1,15 @@
+2016-10-12  Keith Miller  <keith_mil...@apple.com>
+
+        Handle non-function, non-undefined comparator in Array.prototype.sort
+        https://bugs.webkit.org/show_bug.cgi?id=163085
+
+        Reviewed by Yusuke Suzuki.
+
+        * builtins/ArrayPrototype.js:
+        (sort.comparatorSort):
+        (sort.stringSort):
+        (sort):
+
 2016-10-12  Filip Pizlo  <fpi...@apple.com>
 
         REGRESSION (r207179): ASSERTION FAILED: node.cell != previousCell

Modified: trunk/Source/_javascript_Core/builtins/ArrayPrototype.js (207234 => 207235)


--- trunk/Source/_javascript_Core/builtins/ArrayPrototype.js	2016-10-12 19:35:55 UTC (rev 207234)
+++ trunk/Source/_javascript_Core/builtins/ArrayPrototype.js	2016-10-12 19:40:51 UTC (rev 207235)
@@ -606,28 +606,14 @@
         return dst;
     }
 
-    function comparatorSort(array, comparator)
+    function comparatorSort(array, length, comparator)
     {
-        var length = array.length >>> 0;
-
-        // For compatibility with Firefox and Chrome, do nothing observable
-        // to the target array if it has 0 or 1 sortable properties.
-        if (length < 2)
-            return;
-
         var valueCount = compact(array, length);
         mergeSort(array, valueCount, comparator);
     }
 
-    function stringSort(array)
+    function stringSort(array, length)
     {
-        var length = array.length >>> 0;
-
-        // For compatibility with Firefox and Chrome, do nothing observable
-        // to the target array if it has 0 or 1 sortable properties.
-        if (length < 2)
-            return;
-
         var valueCount = compact(array, length);
 
         var strings = @newArrayWithSize(valueCount);
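Review bot: comparatorSort and stringSort now take `length` from the caller without stating what they expect of it, and both pass it straight to compact(). A one-line comment above each, such as `// Caller passes length = array.length >>> 0 and has already returned for length < 2.`, would keep a later caller from handing in a stale or unchecked value. The body of stringSort continues past the end of this hunk.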
@@ -640,15 +626,21 @@
     if (this == null)
         @throwTypeError("Array.prototype.sort requires that |this| not be null or undefined");
 
-    if (typeof this == "string")
-        @throwTypeError("Attempted to assign to readonly property.");
-
     var array = @Object(this);
 
+    var length = array.length >>> 0;
+
+    // For compatibility with Firefox and Chrome, do nothing observable
+    // to the target array if it has 0 or 1 sortable properties.
+    if (length < 2)
+        return array;
+
     if (typeof comparator == "function")
-        comparatorSort(array, comparator);
+        comparatorSort(array, length, comparator);
+    else if (comparator === @undefined)
+        stringSort(array, length);
     else
-        stringSort(array);
+        @throwTypeError("Array.prototype.sort requires the comparsion function be a function or undefined");
 
     return array;
 }
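Review bot: The comparator type check runs only after the `length < 2` early return, so whether a bad comparator throws depends on the array's contents: `[1].sort(null)` returns quietly while `[1,2].sort(null)` throws. If the argument is meant to be validated unconditionally, move the `typeof comparator == "function"` / `comparator === @undefined` test above `var length = array.length >>> 0;` so it runs before any property of `this` is read; if the data-dependent behaviour is deliberate for compatibility, a comment saying so would help. The message also misspells "comparison" as `comparsion`, and the array_sort.baseline-jsc change pins that spelling. The start of sort() is outside this hunk.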