Title: [217695] trunk/Source/WebKit2
Revision
217695
Author
[email protected]
Date
2017-06-01 21:35:25 -0700 (Thu, 01 Jun 2017)

Log Message

REGRESSION (r206386): Xactimate Website Crashes @ com.apple.WebKit: WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant + 255
https://bugs.webkit.org/show_bug.cgi?id=172846
<rdar://problem/31093005>

Reviewed by Andreas Kling.

In NPJSObject::invoke(), return early if there was an exception when calling JSC::call().
Using the value returned by JSC::call() when an exception occurred is unsafe.

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::invoke):

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (217694 => 217695)


--- trunk/Source/WebKit2/ChangeLog	2017-06-02 04:17:13 UTC (rev 217694)
+++ trunk/Source/WebKit2/ChangeLog	2017-06-02 04:35:25 UTC (rev 217695)
@@ -1,3 +1,17 @@
+2017-06-01  Chris Dumez  <[email protected]>
+
+        REGRESSION (r206386): Xactimate Website Crashes @ com.apple.WebKit: WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant + 255
+        https://bugs.webkit.org/show_bug.cgi?id=172846
+        <rdar://problem/31093005>
+
+        Reviewed by Andreas Kling.
+
+        In NPJSObject::invoke(), return early if there was an exception when calling JSC::call().
+        Using the value returned by JSC::call() when an exception occurred is unsafe.
+
+        * WebProcess/Plugins/Netscape/NPJSObject.cpp:
+        (WebKit::NPJSObject::invoke):
+
 2017-06-01  Jon Lee  <[email protected]>
 
         Rename an experimental feature item

Modified: trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp (217694 => 217695)


--- trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp	2017-06-02 04:17:13 UTC (rev 217694)
+++ trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp	2017-06-02 04:35:25 UTC (rev 217695)
@@ -311,9 +311,13 @@
 
     JSValue value = JSC::call(exec, function, callType, callData, m_jsObject.get(), argumentList);
 
+    if (UNLIKELY(scope.exception())) {
+        scope.clearException();
+        return false;
+    }
+
     // Convert and return the result of the function call.
     m_objectMap->convertJSValueToNPVariant(exec, value, *result);
-    scope.clearException();
     
     return true;
 }
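Review bot: The early return added at the top of the hunk also drops the `scope.clearException()` that previously followed `m_objectMap->convertJSValueToNPVariant(exec, value, *result);`, so an exception raised during the conversion itself (as opposed to one raised by `JSC::call()`) would now be left pending when `invoke()` returns true. If `convertJSValueToNPVariant()` can throw, for example while stringifying the value, consider checking `scope.exception()` after it as well and returning false (or keeping a `scope.clearException()` there); if it cannot throw, a one-line comment saying so would document why the clear was safe to remove. Leaving `*result` untouched on the new early-return path is consistent with returning false, but a brief comment noting that the caller must not read `*result` in that case would make the contract explicit.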
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes