Modified: trunk/Source/_javascript_Core/ChangeLog (208934 => 208935)
--- trunk/Source/_javascript_Core/ChangeLog 2016-11-21 00:57:27 UTC (rev 208934)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-11-21 01:31:20 UTC (rev 208935)
@@ -1,3 +1,16 @@
+2016-11-20 Mark Lam <[email protected]>
+
+ Fix exception scope verification failures in DateConstructor.cpp and DatePrototype.cpp.
+ https://bugs.webkit.org/show_bug.cgi?id=164995
+
+ Reviewed by Darin Adler.
+
+ * runtime/DateConstructor.cpp:
+ (JSC::millisecondsFromComponents):
+ (JSC::constructDate):
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToPrimitiveSymbol):
+
2016-11-20 Caitlin Potter <[email protected]>
[JSC] speed up parsing of async functions
Modified: trunk/Source/_javascript_Core/runtime/DateConstructor.cpp (208934 => 208935)
--- trunk/Source/_javascript_Core/runtime/DateConstructor.cpp 2016-11-21 00:57:27 UTC (rev 208934)
+++ trunk/Source/_javascript_Core/runtime/DateConstructor.cpp 2016-11-21 01:31:20 UTC (rev 208935)
@@ -109,16 +109,15 @@
static double millisecondsFromComponents(ExecState* exec, const ArgList& args, WTF::TimeType timeType)
{
- double doubleArguments[] = {
- args.at(0).toNumber(exec),
- args.at(1).toNumber(exec),
- args.at(2).toNumber(exec),
- args.at(3).toNumber(exec),
- args.at(4).toNumber(exec),
- args.at(5).toNumber(exec),
- args.at(6).toNumber(exec)
- };
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+ double doubleArguments[7];
+ for (int i = 0; i < 7; i++) {
+ doubleArguments[i] = args.at(i).toNumber(exec);
+ RETURN_IF_EXCEPTION(scope, 0);
+ }
+
int numArgs = args.size();
if ((!std::isfinite(doubleArguments[0]) || (doubleArguments[0] > INT_MAX) || (doubleArguments[0] < INT_MIN))
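Review bot: The early exit at `RETURN_IF_EXCEPTION(scope, 0);` returns 0, which is also a valid time value (the epoch), so the result is only meaningful if the caller checks for a pending exception before using it. constructDate gains that check later in this commit; any other caller of millisecondsFromComponents is outside this diff and should be confirmed to do the same. A comment above the function would make the contract explicit, e.g. `// On exception returns 0 with the exception pending; callers must check their scope before using the result.` The literal `7` is also written twice; deriving the loop bound from the array (`WTF_ARRAY_LENGTH(doubleArguments)`) keeps the two in sync. The function body continues past this hunk.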
@@ -140,7 +139,7 @@
t.setSecond(JSC::toInt32(doubleArguments[5]));
t.setIsDST(-1);
double ms = (numArgs >= 7) ? doubleArguments[6] : 0;
- return gregorianDateTimeToMS(exec->vm(), t, ms, timeType);
+ return gregorianDateTimeToMS(vm, t, ms, timeType);
}
// ECMA 15.9.3
@@ -159,6 +158,7 @@
value = asDateInstance(args.at(0))->internalNumber();
else {
JSValue primitive = args.at(0).toPrimitive(exec);
+ RETURN_IF_EXCEPTION(scope, nullptr);
if (primitive.isString())
value = parseDate(vm, primitive.getString(exec));
else
@@ -166,6 +166,7 @@
}
} else
value = millisecondsFromComponents(exec, args, WTF::LocalTime);
+ RETURN_IF_EXCEPTION(scope, nullptr);
Structure* dateStructure = InternalFunction::createSubclassStructure(exec, newTarget, globalObject->dateStructure());
RETURN_IF_EXCEPTION(scope, nullptr);
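Review bot: The added `RETURN_IF_EXCEPTION(scope, nullptr);` follows a brace-less `else`, so it runs on every path through the if/else chain and not only after millisecondsFromComponents, which is easy to misread. If that is the intent (it would presumably also cover the conversion on the line between this hunk and the previous one, which is not visible here), a comment should say so, such as `// Covers all branches above; millisecondsFromComponents() returns 0 when an exception is pending.` constructDate starts and ends outside this hunk.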
Modified: trunk/Source/_javascript_Core/runtime/DatePrototype.cpp (208934 => 208935)
--- trunk/Source/_javascript_Core/runtime/DatePrototype.cpp 2016-11-21 00:57:27 UTC (rev 208934)
+++ trunk/Source/_javascript_Core/runtime/DatePrototype.cpp 2016-11-21 01:31:20 UTC (rev 208935)
@@ -620,6 +620,7 @@
if (type == NoPreference)
type = PreferString;
+ scope.release();
return JSValue::encode(thisObject->ordinaryToPrimitive(exec, type));
}
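Review bot: `scope.release();` has no comment saying why the scope is released at this point. As far as the hunk shows, it is valid because the result of ordinaryToPrimitive is returned unchanged, which leaves the exception check to the caller; a later edit that inspects or post-processes that result would need a `RETURN_IF_EXCEPTION` instead. Suggest adding `// Tail call: the caller checks for any exception thrown by ordinaryToPrimitive().` above the release. The function begins outside this hunk.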