Title: [214085] trunk/Source/JavaScriptCore
Revision: 214085
Author: [email protected]
Date: 2017-03-16 17:51:01 -0700 (Thu, 16 Mar 2017)

Log Message

Fix exception scope verification failures in GenericArgumentsInlines.h.
https://bugs.webkit.org/show_bug.cgi?id=165012

Reviewed by Saam Barati.

* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::defineOwnProperty):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (214084 => 214085)


--- trunk/Source/_javascript_Core/ChangeLog	2017-03-17 00:47:16 UTC (rev 214084)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-03-17 00:51:01 UTC (rev 214085)
@@ -1,3 +1,13 @@
+2017-03-16  Mark Lam  <[email protected]>
+
+        Fix exception scope verification failures in GenericArgumentsInlines.h.
+        https://bugs.webkit.org/show_bug.cgi?id=165012
+
+        Reviewed by Saam Barati.
+
+        * runtime/GenericArgumentsInlines.h:
+        (JSC::GenericArguments<Type>::defineOwnProperty):
+
 2017-03-16  Simon Fraser  <[email protected]>
 
         Improve the system tracing points
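
Review bot: The new ChangeLog entry names (JSC::GenericArguments<Type>::defineOwnProperty) but does not say what changed in it. A short line after the function name, stating that a throw scope is declared, asserted clear after putDirectMayBeIndex and released before the call to Base::defineOwnProperty, would let a reader of the log understand the fix without opening the diff.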

Modified: trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h (214084 => 214085)


--- trunk/Source/_javascript_Core/runtime/GenericArgumentsInlines.h	2017-03-17 00:47:16 UTC (rev 214084)
+++ trunk/Source/_javascript_Core/runtime/GenericArgumentsInlines.h	2017-03-17 00:51:01 UTC (rev 214085)
@@ -200,6 +200,7 @@
 {
     Type* thisObject = jsCast<Type*>(object);
     VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
     
     if (ident == vm.propertyNames->length
         || ident == vm.propertyNames->callee
@@ -226,7 +227,8 @@
                     JSValue value = thisObject->getIndexQuickly(index);
                     ASSERT(value);
                     object->putDirectMayBeIndex(exec, ident, value);
-                    
+                    ASSERT(!scope.exception());
+
                     thisObject->setModifiedArgumentDescriptor(vm, index);
                 }
             }
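
Review bot: ASSERT(!scope.exception()) after object->putDirectMayBeIndex(exec, ident, value) only checks in builds with assertions enabled, so a release build would go on to setModifiedArgumentDescriptor with an exception pending if that put ever did throw. If the put cannot throw on this path, a one-line comment saying why would document the invariant; if it can, RETURN_IF_EXCEPTION(scope, false) is the safer form.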
@@ -250,6 +252,7 @@
     }
 
     // Now just let the normal object machinery do its thing.
+    scope.release();
     return Base::defineOwnProperty(object, exec, ident, descriptor, shouldThrow);
 }
 
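
Review bot: scope.release() is inserted between the comment "Now just let the normal object machinery do its thing." and the return that comment describes; placing the release above the comment would keep the comment attached to the Base::defineOwnProperty call. The hunks show a single exception check between the scope declaration and this release, so it is worth confirming that no other exec-taking call in the lines not shown can throw without being checked.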
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
