Log Message
Add ThrowScope::release() calls at all call sites of jsMakeNontrivialString(). https://bugs.webkit.org/show_bug.cgi?id=163990
Reviewed by Geoffrey Garen. * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncToString): * runtime/ErrorPrototype.cpp: (JSC::errorProtoFuncToString): * runtime/FunctionPrototype.cpp: (JSC::functionProtoFuncToString): * runtime/RegExpPrototype.cpp: (JSC::regExpProtoFuncToString): * runtime/StringPrototype.cpp: (JSC::stringProtoFuncBig): (JSC::stringProtoFuncSmall): (JSC::stringProtoFuncBlink): (JSC::stringProtoFuncBold): (JSC::stringProtoFuncFixed): (JSC::stringProtoFuncItalics): (JSC::stringProtoFuncStrike): (JSC::stringProtoFuncSub): (JSC::stringProtoFuncSup): (JSC::stringProtoFuncFontcolor): (JSC::stringProtoFuncFontsize): (JSC::stringProtoFuncAnchor):
Modified Paths
- trunk/Source/_javascript_Core/ChangeLog
- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp
- trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp
- trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp
- trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp
- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (207850 => 207851)
--- trunk/Source/_javascript_Core/ChangeLog 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-10-25 22:30:08 UTC (rev 207851)
@@ -1,5 +1,34 @@
2016-10-25 Mark Lam <[email protected]>
+ Add ThrowScope::release() calls at all call sites of jsMakeNontrivialString().
+ https://bugs.webkit.org/show_bug.cgi?id=163990
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncToString):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncBig):
+ (JSC::stringProtoFuncSmall):
+ (JSC::stringProtoFuncBlink):
+ (JSC::stringProtoFuncBold):
+ (JSC::stringProtoFuncFixed):
+ (JSC::stringProtoFuncItalics):
+ (JSC::stringProtoFuncStrike):
+ (JSC::stringProtoFuncSub):
+ (JSC::stringProtoFuncSup):
+ (JSC::stringProtoFuncFontcolor):
+ (JSC::stringProtoFuncFontsize):
+ (JSC::stringProtoFuncAnchor):
+
+2016-10-25 Mark Lam <[email protected]>
+
JSStringJoiner::joinedLength() should limit joined string lengths to INT_MAX.
https://bugs.webkit.org/show_bug.cgi?id=163937
<rdar://problem/28642990>
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (207850 => 207851)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-10-25 22:30:08 UTC (rev 207851)
@@ -372,8 +372,10 @@
if (callType == CallType::None)
customJoinCase = true;
- if (UNLIKELY(customJoinCase))
+ if (UNLIKELY(customJoinCase)) {
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "[object ", thisObject->methodTable(vm)->className(thisObject), "]"));
+ }
// 4. Return the result of calling the [[Call]] internal method of func providing array as the this value and an empty arguments list.
if (!isJSArray(thisObject) || callType != CallType::Host || callData.native.function != arrayProtoFuncJoin)
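Review bot: The new `scope.release();` in the `customJoinCase` branch carries no comment, so the hunk does not show why the scope is given up just before the return. As far as I can tell, release() passes the duty to check for an exception on to the caller, because `jsMakeNontrivialString()` can itself throw (presumably on allocation failure). A one-line comment at this first site would document the pattern, for example `// jsMakeNontrivialString() may throw; the caller checks the exception.`. It would also warn later editors not to put throwing code between the release and the return. The enclosing function starts and ends outside the hunk.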
Modified: trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp (207850 => 207851)
--- trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2016-10-25 22:30:08 UTC (rev 207851)
@@ -120,6 +120,7 @@
return JSValue::encode(name.isString() ? name : jsString(exec, nameString));
// 10. Return the result of concatenating name, ":", a single space character, and msg.
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, nameString, ": ", messageString));
}
Modified: trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp (207850 => 207851)
--- trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp 2016-10-25 22:30:08 UTC (rev 207851)
@@ -94,8 +94,10 @@
JSValue thisValue = exec->thisValue();
if (thisValue.inherits(JSFunction::info())) {
JSFunction* function = jsCast<JSFunction*>(thisValue);
- if (function->isHostOrBuiltinFunction())
+ if (function->isHostOrBuiltinFunction()) {
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(vm), "() {\n [native code]\n}"));
+ }
FunctionExecutable* executable = function->jsExecutable();
if (executable->isClass()) {
@@ -108,11 +110,13 @@
StringView source = executable->source().provider()->getRange(
executable->parametersStartOffset(),
executable->parametersStartOffset() + executable->source().length());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, functionHeader, function->name(vm), source));
}
if (thisValue.inherits(InternalFunction::info())) {
InternalFunction* function = asInternalFunction(thisValue);
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "function ", function->name(), "() {\n [native code]\n}"));
}
@@ -121,8 +125,10 @@
if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
CallData callData;
if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) {
- if (auto* classInfo = object->classInfo())
+ if (auto* classInfo = object->classInfo()) {
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "function ", classInfo->className, "() {\n [native code]\n}"));
+ }
}
}
}
Modified: trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp (207850 => 207851)
--- trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2016-10-25 22:30:08 UTC (rev 207851)
@@ -241,6 +241,7 @@
String flags = flagsValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, '/', source, '/', flags));
}
Modified: trunk/Source/_javascript_Core/runtime/StringPrototype.cpp (207850 => 207851)
--- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-10-25 22:27:06 UTC (rev 207850)
+++ trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-10-25 22:30:08 UTC (rev 207851)
@@ -1497,6 +1497,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<big>", s, "</big>"));
}
@@ -1510,6 +1511,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<small>", s, "</small>"));
}
@@ -1523,6 +1525,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<blink>", s, "</blink>"));
}
@@ -1536,6 +1539,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<b>", s, "</b>"));
}
@@ -1549,6 +1553,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<tt>", s, "</tt>"));
}
@@ -1562,6 +1567,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<i>", s, "</i>"));
}
@@ -1575,6 +1581,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<strike>", s, "</strike>"));
}
@@ -1588,6 +1595,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<sub>", s, "</sub>"));
}
@@ -1601,6 +1609,7 @@
return throwVMTypeError(exec, scope);
String s = thisValue.toString(exec)->value(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<sup>", s, "</sup>"));
}
@@ -1619,6 +1628,7 @@
String color = a0.toWTFString(exec);
color.replaceWithLiteral('"', """);
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<font color=\"", color, "\">", s, "</font>"));
}
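Review bot: `a0.toWTFString(exec)` converts an argument supplied by script and can throw, yet nothing checks for an exception between that line and the new `scope.release()`. `jsMakeNontrivialString()` can therefore be entered with an exception already pending, and the released scope presumably no longer flags the missing check. Adding `RETURN_IF_EXCEPTION(scope, encodedJSValue());` directly after the `toWTFString` line would match what the other wrappers in this file do after `thisValue.toString(exec)->value(exec)`. The same sequence appears in the next two hunks, for `fontSize` (`<font size=...>`) and `anchor` (`<a name=...>`). All three functions begin outside their hunks.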
@@ -1673,6 +1683,7 @@
String fontSize = a0.toWTFString(exec);
fontSize.replaceWithLiteral('"', """);
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<font size=\"", fontSize, "\">", s, "</font>"));
}
@@ -1691,6 +1702,7 @@
String anchor = a0.toWTFString(exec);
anchor.replaceWithLiteral('"', """);
+ scope.release();
return JSValue::encode(jsMakeNontrivialString(exec, "<a name=\"", anchor, "\">", s, "</a>"));
}
