Title: [205229] branches/safari-602-branch/Source/_javascript_Core
- Revision
- 205229
- Author
- [email protected]
- Date
- 2016-08-31 00:20:03 -0700 (Wed, 31 Aug 2016)
Log Message
Merge r203853. rdar://problem/27991580
Modified Paths
Added Paths
Diff
Modified: branches/safari-602-branch/Source/_javascript_Core/ChangeLog (205228 => 205229)
--- branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-08-31 07:19:59 UTC (rev 205228)
+++ branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-08-31 07:20:03 UTC (rev 205229)
@@ -1,5 +1,25 @@
2016-08-30 Babak Shafiei <[email protected]>
+ Merge r203853. rdar://problem/27991580
+
+ 2016-07-28 Mark Lam <[email protected]>
+
+ ASSERTION FAILED in errorProtoFuncToString() when Error name is a single char string.
+ https://bugs.webkit.org/show_bug.cgi?id=160324
+ <rdar://problem/27389572>
+
+ Reviewed by Keith Miller.
+
+ The issue is that errorProtoFuncToString() was using jsNontrivialString() to
+ generate the error string even when the name string can be a single character
+ string. This is incorrect. We should be using jsString() instead.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * tests/stress/errors-with-simple-names-or-messages-should-not-crash-toString.js: Added.
+
+2016-08-30 Babak Shafiei <[email protected]>
+
Merge r203834. rdar://problem/27991582
2016-07-28 Mark Lam <[email protected]>
Modified: branches/safari-602-branch/Source/_javascript_Core/runtime/ErrorPrototype.cpp (205228 => 205229)
--- branches/safari-602-branch/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2016-08-31 07:19:59 UTC (rev 205228)
+++ branches/safari-602-branch/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2016-08-31 07:20:03 UTC (rev 205229)
@@ -118,7 +118,7 @@
// 9. If msg is the empty String, return name.
if (!messageString.length())
- return JSValue::encode(name.isString() ? name : jsNontrivialString(exec, nameString));
+ return JSValue::encode(name.isString() ? name : jsString(exec, nameString));
// 10. Return the result of concatenating name, ":", a single space character, and msg.
return JSValue::encode(jsMakeNontrivialString(exec, nameString, ": ", messageString));
Added: branches/safari-602-branch/Source/_javascript_Core/tests/stress/errors-with-simple-names-or-messages-should-not-crash-toString.js (0 => 205229)
--- branches/safari-602-branch/Source/_javascript_Core/tests/stress/errors-with-simple-names-or-messages-should-not-crash-toString.js (rev 0)
+++ branches/safari-602-branch/Source/_javascript_Core/tests/stress/errors-with-simple-names-or-messages-should-not-crash-toString.js 2016-08-31 07:20:03 UTC (rev 205229)
@@ -0,0 +1,12 @@
+//@ runDefault
+// This test should not crash.
+
+Error.prototype.name = 0
+Error().toString();
+Error("1").toString();
+Error(0).toString();
+
+Error.prototype.name = ""
+Error().toString();
+Error("1").toString();
+Error(0).toString();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
