[webkit-changes] [224770] trunk

[mark . lam]

Title: [224770] trunk

Revision

224770

Author

mark....@apple.com

Date

2017-11-13 12:18:15 -0800 (Mon, 13 Nov 2017)

Log Message

Make the jsc shell loadGetterFromGetterSetter() function more robust.
https://bugs.webkit.org/show_bug.cgi?id=179619
<rdar://problem/35492518>

Reviewed by Saam Barati.

JSTests:

* stress/regress-179619.js: Added.

Source/_javascript_Core:

* jsc.cpp:
(functionLoadGetterFromGetterSetter):

Modified Paths

• trunk/JSTests/ChangeLog
• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/jsc.cpp

Added Paths

• trunk/JSTests/stress/regress-179619.js

Diff

Modified: trunk/JSTests/ChangeLog (224769 => 224770)

--- trunk/JSTests/ChangeLog	2017-11-13 20:16:09 UTC (rev 224769)
+++ trunk/JSTests/ChangeLog	2017-11-13 20:18:15 UTC (rev 224770)
@@ -1,3 +1,13 @@
+2017-11-13  Mark Lam  <mark....@apple.com>
+
+        Make the jsc shell loadGetterFromGetterSetter() function more robust.
+        https://bugs.webkit.org/show_bug.cgi?id=179619
+        <rdar://problem/35492518>
+
+        Reviewed by Saam Barati.
+
+        * stress/regress-179619.js: Added.
+
 2017-11-12  Mark Lam  <mark....@apple.com>
 
         We should ensure that operationStrCat2 and operationStrCat3 are never passed Symbols as arguments.

Added: trunk/JSTests/stress/regress-179619.js (0 => 224770)

--- trunk/JSTests/stress/regress-179619.js	                        (rev 0)
+++ trunk/JSTests/stress/regress-179619.js	2017-11-13 20:18:15 UTC (rev 224770)
@@ -0,0 +1,64 @@
+//@ runDefault
+
+var exception;
+var getter;
+
+try {
+    getter = loadGetterFromGetterSetter();
+} catch (e) {
+    exception = e;
+}
+if (exception != "TypeError: Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter")
+    throw "FAILED";
+if (getter)
+    throw "FAILED: unexpected result";
+exception = undefined;
+
+try {
+    getter = loadGetterFromGetterSetter(undefined);
+} catch (e) {
+    exception = e;
+}
+if (exception != "TypeError: Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter")
+    throw "FAILED";
+if (getter)
+    throw "FAILED: unexpected result";
+exception = undefined;
+
+function tryGetByIdText(propertyName) { return `(function (base) { return @tryGetById(base, '${propertyName}'); })`; }
+let getSetterGetter = createBuiltin(tryGetByIdText("bar"));
+
+try {
+    noGetterSetter = { };
+    getter = loadGetterFromGetterSetter(getSetterGetter(noGetterSetter, "bar"));
+} catch (e) {
+    exception = e;
+}
+if (exception != "TypeError: Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter")
+    throw "FAILED";
+if (getter)
+    throw "FAILED: unexpected result";
+exception = undefined;
+
+try {
+    hasGetter = { get bar() { return 22; } };
+    getter = loadGetterFromGetterSetter(getSetterGetter(hasGetter, "bar"));
+} catch (e) {
+    exception = e;
+}
+if (exception)
+    throw "FAILED: unexpected exception: " + exception;
+if (!getter)
+    throw "FAILED: unable to get getter";
+
+try {
+    // When a getter is not specified, a default getter should be assigned as long as there's also a setter.
+    hasSetter = { set bar(x) { return 22; } };
+    getter = loadGetterFromGetterSetter(getSetterGetter(hasSetter, "bar"));
+} catch (e) {
+    exception = e;
+}
+if (exception)
+    throw "FAILED: unexpected exception: " + exception;
+if (!getter)
+    throw "FAILED: unexpected result";

Modified: trunk/Source/_javascript_Core/ChangeLog (224769 => 224770)

--- trunk/Source/_javascript_Core/ChangeLog	2017-11-13 20:16:09 UTC (rev 224769)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-11-13 20:18:15 UTC (rev 224770)
@@ -1,3 +1,14 @@
+2017-11-13  Mark Lam  <mark....@apple.com>
+
+        Make the jsc shell loadGetterFromGetterSetter() function more robust.
+        https://bugs.webkit.org/show_bug.cgi?id=179619
+        <rdar://problem/35492518>
+
+        Reviewed by Saam Barati.
+
+        * jsc.cpp:
+        (functionLoadGetterFromGetterSetter):
+
 2017-11-12  Darin Adler  <da...@apple.com>
 
         More is<> and downcast<>, less static_cast<>

Modified: trunk/Source/_javascript_Core/jsc.cpp (224769 => 224770)

--- trunk/Source/_javascript_Core/jsc.cpp	2017-11-13 20:16:09 UTC (rev 224769)
+++ trunk/Source/_javascript_Core/jsc.cpp	2017-11-13 20:18:15 UTC (rev 224770)
@@ -3022,9 +3022,14 @@
 EncodedJSValue JSC_HOST_CALL functionLoadGetterFromGetterSetter(ExecState* exec)
 {
     VM& vm = exec->vm();
-    RELEASE_ASSERT(exec->argumentCount() >= 1);
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     GetterSetter* getterSetter = jsDynamicCast<GetterSetter*>(vm, exec->argument(0));
-    RELEASE_ASSERT(getterSetter);
+    if (UNLIKELY(!getterSetter)) {
+        throwTypeError(exec, scope, ASCIILiteral("Invalid use of loadGetterFromGetterSetter test function: argument is not a GetterSetter"));
+        return encodedJSValue();
+    }
+
     JSObject* getter = getterSetter->getter();
     RELEASE_ASSERT(getter);
     return JSValue::encode(getter);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes