Title: [223816] branches/safari-604-branch
- Revision
- 223816
- Author
- [email protected]
- Date
- 2017-10-21 12:19:47 -0700 (Sat, 21 Oct 2017)
Log Message
Cherry-pick r223731. rdar://problem/35100279
Modified Paths
Added Paths
Diff
Modified: branches/safari-604-branch/JSTests/ChangeLog (223815 => 223816)
--- branches/safari-604-branch/JSTests/ChangeLog 2017-10-21 19:19:44 UTC (rev 223815)
+++ branches/safari-604-branch/JSTests/ChangeLog 2017-10-21 19:19:47 UTC (rev 223816)
@@ -1,5 +1,19 @@
2017-10-21 Jason Marcell <[email protected]>
+ Cherry-pick r223731. rdar://problem/35100279
+
+ 2017-10-19 Mark Lam <[email protected]>
+
+ Stringifier::appendStringifiedValue() is missing an exception check.
+ https://bugs.webkit.org/show_bug.cgi?id=178386
+ <rdar://problem/35027610>
+
+ Reviewed by Saam Barati.
+
+ * stress/regress-178386.js: Added.
+
+2017-10-21 Jason Marcell <[email protected]>
+
Cherry-pick r223645. rdar://problem/34820875
2017-10-18 Mark Lam <[email protected]>
Added: branches/safari-604-branch/JSTests/stress/regress-178386.js (0 => 223816)
--- branches/safari-604-branch/JSTests/stress/regress-178386.js (rev 0)
+++ branches/safari-604-branch/JSTests/stress/regress-178386.js 2017-10-21 19:19:47 UTC (rev 223816)
@@ -0,0 +1,12 @@
+var str1 = String.fromCharCode(136, 115, 29, 20, 15, 155, 81);
+str3 = str1.padEnd(0x7FFFFFFC, '123');
+
+var exception;
+try {
+ JSON.stringify(str3);
+} catch (e) {
+ exception = e;
+}
+
+if (exception != "Error: Out of memory")
+ throw "FAILED";
Modified: branches/safari-604-branch/Source/_javascript_Core/ChangeLog (223815 => 223816)
--- branches/safari-604-branch/Source/_javascript_Core/ChangeLog 2017-10-21 19:19:44 UTC (rev 223815)
+++ branches/safari-604-branch/Source/_javascript_Core/ChangeLog 2017-10-21 19:19:47 UTC (rev 223816)
@@ -1,5 +1,20 @@
2017-10-21 Jason Marcell <[email protected]>
+ Cherry-pick r223731. rdar://problem/35100279
+
+ 2017-10-19 Mark Lam <[email protected]>
+
+ Stringifier::appendStringifiedValue() is missing an exception check.
+ https://bugs.webkit.org/show_bug.cgi?id=178386
+ <rdar://problem/35027610>
+
+ Reviewed by Saam Barati.
+
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::appendStringifiedValue):
+
+2017-10-21 Jason Marcell <[email protected]>
+
Cherry-pick r223645. rdar://problem/34820875
2017-10-18 Mark Lam <[email protected]>
Modified: branches/safari-604-branch/Source/_javascript_Core/runtime/JSONObject.cpp (223815 => 223816)
--- branches/safari-604-branch/Source/_javascript_Core/runtime/JSONObject.cpp 2017-10-21 19:19:44 UTC (rev 223815)
+++ branches/safari-604-branch/Source/_javascript_Core/runtime/JSONObject.cpp 2017-10-21 19:19:47 UTC (rev 223816)
@@ -355,7 +355,9 @@
}
if (value.isString()) {
- builder.appendQuotedJSONString(asString(value)->value(m_exec));
+ const String& string = asString(value)->value(m_exec);
+ RETURN_IF_EXCEPTION(scope, StringifyFailed);
+ builder.appendQuotedJSONString(string);
return StringifySucceeded;
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
