Title: [200746] trunk
Revision: 200746
Author: [email protected]
Date: 2016-05-12 00:28:42 -0700 (Thu, 12 May 2016)

Log Message

Web Inspector: CRASH getting internal properties of function with no bound arguments causes
https://bugs.webkit.org/show_bug.cgi?id=157613
<rdar://problem/26238754>

Patch by Joseph Pecoraro <[email protected]> on 2016-05-12
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::getInternalProperties):
Gracefully handle a JSBoundFunction with no bound arguments.
In this case boundArgs is JSValue() which we don't want to
expose as the value of the internal property.

LayoutTests:

* inspector/runtime/getProperties-expected.txt:
* inspector/runtime/getProperties.html:
Include coverage for a bound function with no bound arguments.

Diff

Modified: trunk/LayoutTests/ChangeLog (200745 => 200746)


--- trunk/LayoutTests/ChangeLog	2016-05-12 07:23:53 UTC (rev 200745)
+++ trunk/LayoutTests/ChangeLog	2016-05-12 07:28:42 UTC (rev 200746)
@@ -1,3 +1,15 @@
+2016-05-12  Joseph Pecoraro  <[email protected]>
+
+        Web Inspector: CRASH getting internal properties of function with no bound arguments causes
+        https://bugs.webkit.org/show_bug.cgi?id=157613
+        <rdar://problem/26238754>
+
+        Reviewed by Timothy Hatcher.
+
+        * inspector/runtime/getProperties-expected.txt:
+        * inspector/runtime/getProperties.html:
+        Include coverage for a bound function with no bound arguments.
+
 2016-05-11  Zalan Bujtas  <[email protected]>
 
         Absolute positioned element is not placed properly when parent becomes the containing block.
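Review bot: The title line added at the top of this entry, "Web Inspector: CRASH getting internal properties of function with no bound arguments causes", ends in a dangling "causes", so it reads as a truncated sentence. This line is what appears in log views, so consider ending it at "no bound arguments" here and in the matching Source ChangeLog entry.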

Modified: trunk/LayoutTests/inspector/runtime/getProperties-expected.txt (200745 => 200746)


--- trunk/LayoutTests/inspector/runtime/getProperties-expected.txt	2016-05-12 07:23:53 UTC (rev 200745)
+++ trunk/LayoutTests/inspector/runtime/getProperties-expected.txt	2016-05-12 07:28:42 UTC (rev 200746)
@@ -32,3 +32,17 @@
     [native code]
 }
 
+-- Running test case: CheckPropertiesOfBoundFunctionNoArguments
+Evaluating _expression_: (function(){}).bind(null)
+Properties:
+  __proto__ function function () {
+    [native code]
+}
+  arguments object TypeError: Type error
+  caller object TypeError: Type error
+  length number 0
+  name string bound 
+Internal properties:
+  boundThis object undefined
+  targetFunction function function (){}
+
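Review bot: The expected line `  name string bound ` ends in a trailing space, because the bound target in this test case is an anonymous function. Expected-output files with significant trailing whitespace are easy to break with editors that strip it; giving the function in the test expression a name would keep the case equivalent while making this line robust. The "Internal properties" block listing only boundThis and targetFunction is the assertion that matters for this fix, and it is present.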

Modified: trunk/LayoutTests/inspector/runtime/getProperties.html (200745 => 200746)


--- trunk/LayoutTests/inspector/runtime/getProperties.html	2016-05-12 07:23:53 UTC (rev 200745)
+++ trunk/LayoutTests/inspector/runtime/getProperties.html	2016-05-12 07:28:42 UTC (rev 200746)
@@ -24,6 +24,12 @@
         _expression_: "Number.bind({}, 5)",
     });
 
+    addGetPropertiesTestCase({
+        name: "CheckPropertiesOfBoundFunctionNoArguments",
+        description: "Check properties of a bound function with no bound arguments.",
+        _expression_: "(function(){}).bind(null)",
+    });
+
     suite.runTestCasesAndFinish();
 
     function addGetPropertiesTestCase(args) {

Modified: trunk/Source/JavaScriptCore/ChangeLog (200745 => 200746)


--- trunk/Source/_javascript_Core/ChangeLog	2016-05-12 07:23:53 UTC (rev 200745)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-05-12 07:28:42 UTC (rev 200746)
@@ -1,3 +1,17 @@
+2016-05-12  Joseph Pecoraro  <[email protected]>
+
+        Web Inspector: CRASH getting internal properties of function with no bound arguments causes
+        https://bugs.webkit.org/show_bug.cgi?id=157613
+        <rdar://problem/26238754>
+
+        Reviewed by Timothy Hatcher.
+
+        * inspector/JSInjectedScriptHost.cpp:
+        (Inspector::JSInjectedScriptHost::getInternalProperties):
+        Gracefully handle a JSBoundFunction with no bound arguments.
+        In this case boundArgs is JSValue() which we don't want to
+        expose as the value of the internal property.
+
 2016-05-11  Benjamin Poulain  <[email protected]>
 
         [JSC] Make sure StringRange is passed to Vector by register
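Review bot: The description under getInternalProperties covers skipping boundArgs but not the other change made in the same function, where the initial length 3 is dropped from the constructEmptyArray call. Add a line saying the array is no longer pre-sized because it may now hold two or three entries, so the reason is recorded alongside the fix.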

Modified: trunk/Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp (200745 => 200746)


--- trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp	2016-05-12 07:23:53 UTC (rev 200745)
+++ trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp	2016-05-12 07:28:42 UTC (rev 200746)
@@ -280,10 +280,11 @@
 
     if (JSBoundFunction* boundFunction = jsDynamicCast<JSBoundFunction*>(value)) {
         unsigned index = 0;
-        JSArray* array = constructEmptyArray(exec, nullptr, 3);
+        JSArray* array = constructEmptyArray(exec, nullptr);
         array->putDirectIndex(exec, index++, constructInternalProperty(exec, "targetFunction", boundFunction->targetFunction()));
         array->putDirectIndex(exec, index++, constructInternalProperty(exec, "boundThis", boundFunction->boundThis()));
-        array->putDirectIndex(exec, index++, constructInternalProperty(exec, "boundArgs", boundFunction->boundArgs()));
+        if (boundFunction->boundArgs())
+            array->putDirectIndex(exec, index++, constructInternalProperty(exec, "boundArgs", boundFunction->boundArgs()));
         return array;
     }
 
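Review bot: The new guard `if (boundFunction->boundArgs())` depends on the empty JSValue() converting to false, and the accessor is then called a second time on the next line. Hoisting it into a local, for example `JSValue boundArgs = boundFunction->boundArgs();`, and testing that local makes the empty-value check explicit and guarantees the tested value and the stored value are identical. A short comment that boundArgs is empty when bind() was given no arguments would also help, since targetFunction and boundThis are stored unconditionally just above.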