Title: [206876] trunk/Source/_javascript_Core
- Revision
- 206876
- Author
- [email protected]
- Date
- 2016-10-06 13:13:50 -0700 (Thu, 06 Oct 2016)
Log Message
getInternalObjcObject should validate the JSManagedObject's value.
https://bugs.webkit.org/show_bug.cgi?id=162985
Reviewed by Geoffrey Garen.
Previously, if, for instance, the JSManagedObject's weak value had been
cleared we would call tryUnwrapObjcObject with a nil context and value.
This triggered assertions failures as those functions expect their inputs
to be valid.
* API/JSVirtualMachine.mm:
(getInternalObjcObject):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/API/JSVirtualMachine.mm (206875 => 206876)
--- trunk/Source/_javascript_Core/API/JSVirtualMachine.mm 2016-10-06 19:45:52 UTC (rev 206875)
+++ trunk/Source/_javascript_Core/API/JSVirtualMachine.mm 2016-10-06 20:13:50 UTC (rev 206876)
@@ -132,6 +132,8 @@
{
if ([object isKindOfClass:[JSManagedValue class]]) {
JSValue* value = [static_cast<JSManagedValue *>(object) value];
+ if (!value)
+ return nil;
id temp = tryUnwrapObjcObject([value.context JSGlobalContextRef], [value JSValueRef]);
if (temp)
return temp;
Modified: trunk/Source/_javascript_Core/API/tests/testapi.mm (206875 => 206876)
--- trunk/Source/_javascript_Core/API/tests/testapi.mm 2016-10-06 19:45:52 UTC (rev 206875)
+++ trunk/Source/_javascript_Core/API/tests/testapi.mm 2016-10-06 20:13:50 UTC (rev 206876)
@@ -1182,6 +1182,22 @@
}
@autoreleasepool {
+ static const unsigned count = 100;
+ NSMutableArray *array = [NSMutableArray arrayWithCapacity:count];
+ JSContext *context = [[JSContext alloc] init];
+ @autoreleasepool {
+ for (unsigned i = 0; i < count; ++i) {
+ JSValue *object = [JSValue valueWithNewObjectInContext:context];
+ JSManagedValue *managedObject = [JSManagedValue managedValueWithValue:object];
+ [array addObject:managedObject];
+ }
+ }
+ JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]);
+ for (unsigned i = 0; i < count; ++i)
+ [context.virtualMachine addManagedReference:array[i] withOwner:array];
+ }
+
+ @autoreleasepool {
TestObject *testObject = [TestObject testObject];
JSManagedValue *managedTestObject;
@autoreleasepool {
Modified: trunk/Source/_javascript_Core/ChangeLog (206875 => 206876)
--- trunk/Source/_javascript_Core/ChangeLog 2016-10-06 19:45:52 UTC (rev 206875)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-10-06 20:13:50 UTC (rev 206876)
@@ -1,3 +1,18 @@
+2016-10-06 Keith Miller <[email protected]>
+
+ getInternalObjcObject should validate the JSManagedObject's value.
+ https://bugs.webkit.org/show_bug.cgi?id=162985
+
+ Reviewed by Geoffrey Garen.
+
+ Previously, if, for instance, the JSManagedObject's weak value had been
+ cleared we would call tryUnwrapObjcObject with a nil context and value.
+ This triggered assertions failures as those functions expect their inputs
+ to be valid.
+
+ * API/JSVirtualMachine.mm:
+ (getInternalObjcObject):
+
2016-10-06 Brian Burg <[email protected]>
Web Inspector: RemoteInspector should cache client capabilities for off-main thread usage
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
