Title: [208834] trunk/Source/_javascript_Core
- Revision
- 208834
- Author
- [email protected]
- Date
- 2016-11-16 17:34:32 -0800 (Wed, 16 Nov 2016)
Log Message
ExceptionFuzz needs to placate exception check verification before overwriting a thrown exception.
https://bugs.webkit.org/show_bug.cgi?id=164843
Reviewed by Keith Miller.
The ThrowScope will check for unchecked simulated exceptions before throwing a
new exception. This ensures that we don't quietly overwrite a pending exception
(which should never happen, with the only exception being to rethrow the same
exception). However, ExceptionFuzz works by intentionally throwing its own
exception even when one may already exist, thereby potentially overwriting an
existing exception. This is ok for ExceptionFuzz testing, but we need to placate
the exception check verifier before ExceptionFuzz throws its own exception.
* runtime/ExceptionFuzz.cpp:
(JSC::doExceptionFuzzing):
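The mechanism the message describes, as an added self-contained model that is not JavaScriptCore code: a toy ThrowScope in which reading the exception slot counts as a check, throwing a different exception over an unchecked pending one is a verification failure, and rethrowing the same exception is allowed. `ToyVM`, `ToyThrowScope` and the string-valued exception are constructed stand-ins for illustration; the real classes track an `Exception*` and compile their verification in only for some build configurations.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Toy stand-in for the VM's exception slot. "checked" records whether the
// pending exception has been observed since it was thrown. (Constructed
// model; names are illustrative, not JavaScriptCore's.)
struct ToyVM {
    std::string exception;                // empty string means "no pending exception"
    bool exceptionChecked = true;         // nothing pending, so nothing unchecked
    std::vector<std::string> verifierLog; // verification failures, collected for inspection
};

// Toy ThrowScope: reading the exception slot counts as a check; throwing a
// different exception over an unchecked one is a verification failure.
class ToyThrowScope {
public:
    explicit ToyThrowScope(ToyVM& vm) : m_vm(vm) {}

    // Observing the slot is what "checks" a pending exception.
    const std::string& exception() {
        m_vm.exceptionChecked = true;
        return m_vm.exception;
    }

    void throwException(const std::string& what) {
        const bool pending = !m_vm.exception.empty();
        const bool sameException = (m_vm.exception == what); // rethrow of the same exception is allowed
        if (pending && !m_vm.exceptionChecked && !sameException)
            m_vm.verifierLog.push_back("unchecked '" + m_vm.exception + "' overwritten by '" + what + "'");
        m_vm.exception = what;
        m_vm.exceptionChecked = false;
    }

private:
    ToyVM& m_vm;
};

// Fuzz throw fired with no regard for a pending exception: one verifier failure.
int unplacatedFuzzFailures() {
    ToyVM vm;
    ToyThrowScope scope(vm);
    scope.throwException("TypeError");      // earlier throw that nobody has checked yet
    scope.throwException("Exception Fuzz"); // fuzz throw overwrites it
    return static_cast<int>(vm.verifierLog.size());
}

// The pattern from the patch: observe the slot, then throw. No failure.
int placatedFuzzFailures() {
    ToyVM vm;
    ToyThrowScope scope(vm);
    scope.throwException("TypeError");
    (void)scope.exception();                // marks the pending exception as checked
    scope.throwException("Exception Fuzz");
    return static_cast<int>(vm.verifierLog.size());
}

// Rethrowing the identical pending exception is the one overwrite that is never flagged.
int rethrowFailures() {
    ToyVM vm;
    ToyThrowScope scope(vm);
    scope.throwException("TypeError");
    scope.throwException("TypeError");
    return static_cast<int>(vm.verifierLog.size());
}

int main() {
    std::printf("unplacated fuzz: %d failure(s)\n", unplacatedFuzzFailures());
    std::printf("placated fuzz:   %d failure(s)\n", placatedFuzzFailures());
    std::printf("rethrow:         %d failure(s)\n", rethrowFailures());
    return 0;
}
```

The point of the model is the middle function: the fuzzer's own throw is legitimate only because the read of `exception()` happens first, so the verifier sees an acknowledged exception rather than a quietly clobbered one.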
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (208833 => 208834)
--- trunk/Source/_javascript_Core/ChangeLog 2016-11-17 01:26:33 UTC (rev 208833)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-11-17 01:34:32 UTC (rev 208834)
@@ -1,3 +1,21 @@
+2016-11-16 Mark Lam <[email protected]>
+
+ ExceptionFuzz needs to placate exception check verification before overwriting a thrown exception.
+ https://bugs.webkit.org/show_bug.cgi?id=164843
+
+ Reviewed by Keith Miller.
+
+ The ThrowScope will check for unchecked simulated exceptions before throwing a
+ new exception. This ensures that we don't quietly overwrite a pending exception
+ (which should never happen, with the only exception being to rethrow the same
+ exception). However, ExceptionFuzz works by intentionally throwing its own
+ exception even when one may already exist thereby potentially overwriting an
+ existing exception. This is ok for ExceptionFuzz testing, but we need to placate
+ the exception check verifier before ExceptionFuzz throws its own exception.
+
+ * runtime/ExceptionFuzz.cpp:
+ (JSC::doExceptionFuzzing):
+
2016-11-16 Geoffrey Garen <[email protected]>
UnlinkedCodeBlock should not have a starting line number
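Review bot: The entry states the intent ("placate the exception check verifier") but not the mechanism, and the body of the change is a single line in runtime/ExceptionFuzz.cpp whose purpose is not obvious from its text. Suggest adding one sentence under the `(JSC::doExceptionFuzzing):` line along the lines of "Read scope.exception() before throwing so the pending exception counts as checked." so the ChangeLog explains why that line exists.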
Modified: trunk/Source/_javascript_Core/runtime/ExceptionFuzz.cpp (208833 => 208834)
--- trunk/Source/_javascript_Core/runtime/ExceptionFuzz.cpp 2016-11-17 01:26:33 UTC (rev 208833)
+++ trunk/Source/_javascript_Core/runtime/ExceptionFuzz.cpp 2016-11-17 01:34:32 UTC (rev 208834)
@@ -49,6 +49,15 @@
if (fireTarget == s_numberOfExceptionFuzzChecks) {
printf("JSC EXCEPTION FUZZ: Throwing fuzz exception with call frame %p, seen in %s and return address %p.\n", exec, where, returnPC);
fflush(stdout);
+
+ // The ThrowScope also checks for unchecked simulated exceptions before throwing a
+ // new exception. This ensures that we don't quietly overwrite a pending exception
+ // (which should never happen with the only exception being to rethrow the same
+ // exception). However, ExceptionFuzz works by intentionally throwing its own exception
+ // even when one may already exist. This is ok for ExceptionFuzz testing, but we need
+ // to placate the exception check verifier here.
+ ASSERT(scope.exception() || !scope.exception());
+
throwException(exec, scope, createError(exec, ASCIILiteral("Exception Fuzz")));
}
}
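Review bot: `ASSERT(scope.exception() || !scope.exception());` on the added line is a tautology, and nothing in the preceding comment says that its purpose is the side effect of calling `scope.exception()`, which marks the pending exception as checked for the verifier. A reader, or a later cleanup that removes always-true asserts, could drop it and silently reintroduce the verifier failure. Suggest saying so in the comment, e.g. `// Reading scope.exception() marks any pending exception as checked.`, and consider expressing the read directly (`(void)scope.exception();`, or whatever the ThrowScope API offers for acknowledging a pending exception) so the placation does not depend on how ASSERT is compiled in a given build.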
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes