Title: [213038] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore
Revision: 213038
Author: [email protected]
Date: 2017-02-27 01:03:23 -0800 (Mon, 27 Feb 2017)

Log Message

Merge r212779 - Add missing exception checks detected by running marathon.js.
https://bugs.webkit.org/show_bug.cgi?id=168687

Reviewed by Saam Barati.

When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
we get some crashes due to missing exception checks.  This patch adds those
missing exception checks.

* runtime/JSCJSValueInlines.h:
(JSC::JSValue::toPropertyKey):
* runtime/JSObject.cpp:
(JSC::JSObject::getPrimitiveNumber):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog (213037 => 213038)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-02-27 08:24:07 UTC (rev 213037)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-02-27 09:03:23 UTC (rev 213038)
@@ -1,3 +1,19 @@
+2017-02-21  Mark Lam  <[email protected]>
+
+        Add missing exception checks detected by running marathon.js.
+        https://bugs.webkit.org/show_bug.cgi?id=168687
+
+        Reviewed by Saam Barati.
+
+        When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
+        we get some crashes due to missing exception checks.  This patch adds those
+        missing exception checks.
+
+        * runtime/JSCJSValueInlines.h:
+        (JSC::JSValue::toPropertyKey):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::getPrimitiveNumber):
+
 2017-02-20  Filip Pizlo  <[email protected]>
 
         The collector thread should only start when the mutator doesn't have heap access
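Review bot: The new ChangeLog entry lists only runtime/JSCJSValueInlines.h and runtime/JSObject.cpp, so the change lands without a test of its own. The crashes are said to come from marathon.js attached to bug 168580; consider adding a reduced test case that makes toPrimitive throw on each of the two paths, so the missing-check regressions are caught without needing the external file.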

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/runtime/JSCJSValueInlines.h (213037 => 213038)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/JSCJSValueInlines.h	2017-02-27 08:24:07 UTC (rev 213037)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/JSCJSValueInlines.h	2017-02-27 09:03:23 UTC (rev 213038)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -638,12 +638,17 @@
 
 ALWAYS_INLINE Identifier JSValue::toPropertyKey(ExecState* exec) const
 {
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     if (isString())
         return asString(*this)->toIdentifier(exec);
 
     JSValue primitive = toPrimitive(exec, PreferString);
+    RETURN_IF_EXCEPTION(scope, vm.propertyNames->emptyIdentifier);
     if (primitive.isSymbol())
         return Identifier::fromUid(asSymbol(primitive)->privateName());
+    scope.release();
     return primitive.toString(exec)->toIdentifier(exec);
 }
 
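Review bot: In toPropertyKey, the isString() early return calls asString(*this)->toIdentifier(exec) after the throw scope is declared but without the scope.release() that the final return, which also ends in toIdentifier(exec), now gets. Either release the scope on that path as well, or add a comment saying why that call cannot leave an exception pending. It would also help to note in a comment that vm.propertyNames->emptyIdentifier is what comes back when toPrimitive throws, so callers know to check for an exception before using the key.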

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/runtime/JSObject.cpp (213037 => 213038)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/JSObject.cpp	2017-02-27 08:24:07 UTC (rev 213037)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/runtime/JSObject.cpp	2017-02-27 09:03:23 UTC (rev 213038)
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten ([email protected])
  *  Copyright (C) 2001 Peter Kelly ([email protected])
- *  Copyright (C) 2003-2006, 2008-2009, 2012-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003-2017 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Eric Seidel ([email protected])
  *
  *  This library is free software; you can redistribute it and/or
@@ -1972,7 +1972,12 @@
 
 bool JSObject::getPrimitiveNumber(ExecState* exec, double& number, JSValue& result) const
 {
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     result = toPrimitive(exec, PreferNumber);
+    RETURN_IF_EXCEPTION(scope, false);
+    scope.release();
     number = result.toNumber(exec);
     return !result.isString();
 }
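Review bot: On the new RETURN_IF_EXCEPTION(scope, false) path in getPrimitiveNumber, the out-parameter number is never assigned, and false is also what the function returns when result is a string (the last line is return !result.isString()). A caller that reads number, or branches on the return value, without first checking for a pending exception would act on whatever number held before the call. Consider assigning number a defined value before the early return, or add a comment stating that callers must check for an exception before using number or the result.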