Title: [231539] branches/safari-605-branch
- Revision
- 231539
- Author
- [email protected]
- Date
- 2018-05-08 22:01:09 -0700 (Tue, 08 May 2018)
Log Message
Cherry-pick r230980. rdar://problem/40050820
fromCharCode is missing some exception checks
https://bugs.webkit.org/show_bug.cgi?id=184952
Reviewed by Saam Barati.
JSTests:
* stress/fromCharCode-exception-check.js: Added.
(get catch):
Source/_javascript_Core:
I also removed the pointless slow path function and moved it into the
main function.
* runtime/StringConstructor.cpp:
(JSC::stringFromCharCode):
(JSC::stringFromCharCodeSlowCase): Deleted.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Added Paths
Diff
Modified: branches/safari-605-branch/JSTests/ChangeLog (231538 => 231539)
--- branches/safari-605-branch/JSTests/ChangeLog 2018-05-09 04:32:00 UTC (rev 231538)
+++ branches/safari-605-branch/JSTests/ChangeLog 2018-05-09 05:01:09 UTC (rev 231539)
@@ -1,5 +1,40 @@
2018-05-08 Jason Marcell <[email protected]>
+ Cherry-pick r230980. rdar://problem/40050820
+
+ fromCharCode is missing some exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=184952
+
+ Reviewed by Saam Barati.
+
+ JSTests:
+
+ * stress/fromCharCode-exception-check.js: Added.
+ (get catch):
+
+ Source/_javascript_Core:
+
+ I also removed the pointless slow path function and moved it into the
+ main function.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::stringFromCharCode):
+ (JSC::stringFromCharCodeSlowCase): Deleted.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-04-24 Keith Miller <[email protected]>
+
+ fromCharCode is missing some exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=184952
+
+ Reviewed by Saam Barati.
+
+ * stress/fromCharCode-exception-check.js: Added.
+ (get catch):
+
+2018-05-08 Jason Marcell <[email protected]>
+
Cherry-pick r231196. rdar://problem/40050709
IntlObject.cpp::removeUnicodeLocaleExtension() should not touch locales that end in '-u'
Added: branches/safari-605-branch/JSTests/stress/fromCharCode-exception-check.js (0 => 231539)
--- branches/safari-605-branch/JSTests/stress/fromCharCode-exception-check.js (rev 0)
+++ branches/safari-605-branch/JSTests/stress/fromCharCode-exception-check.js 2018-05-09 05:01:09 UTC (rev 231539)
@@ -0,0 +1,8 @@
+// This shouldn't crash.
+
+try {
+ String.fromCharCode(Symbol(), new Proxy({}, { get() { } }));
+} catch (e) {
+ if (!(e instanceof TypeError) || e.message !== "Cannot convert a symbol to a number")
+ throw new Error("bad error type or message" + e);
+}
Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (231538 => 231539)
--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-05-09 04:32:00 UTC (rev 231538)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-05-09 05:01:09 UTC (rev 231539)
@@ -1,5 +1,44 @@
2018-05-08 Jason Marcell <[email protected]>
+ Cherry-pick r230980. rdar://problem/40050820
+
+ fromCharCode is missing some exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=184952
+
+ Reviewed by Saam Barati.
+
+ JSTests:
+
+ * stress/fromCharCode-exception-check.js: Added.
+ (get catch):
+
+ Source/_javascript_Core:
+
+ I also removed the pointless slow path function and moved it into the
+ main function.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::stringFromCharCode):
+ (JSC::stringFromCharCodeSlowCase): Deleted.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-04-24 Keith Miller <[email protected]>
+
+ fromCharCode is missing some exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=184952
+
+ Reviewed by Saam Barati.
+
+ I also removed the pointless slow path function and moved it into the
+ main function.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::stringFromCharCode):
+ (JSC::stringFromCharCodeSlowCase): Deleted.
+
+2018-05-08 Jason Marcell <[email protected]>
+
Cherry-pick r231196. rdar://problem/40050709
IntlObject.cpp::removeUnicodeLocaleExtension() should not touch locales that end in '-u'
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/StringConstructor.cpp (231538 => 231539)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/StringConstructor.cpp 2018-05-09 04:32:00 UTC (rev 231538)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/StringConstructor.cpp 2018-05-09 05:01:09 UTC (rev 231539)
@@ -70,23 +70,29 @@
// ------------------------------ Functions --------------------------------
-static NEVER_INLINE JSValue stringFromCharCodeSlowCase(ExecState* exec)
+static EncodedJSValue JSC_HOST_CALL stringFromCharCode(ExecState* exec)
{
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
unsigned length = exec->argumentCount();
+ if (LIKELY(length == 1)) {
+ unsigned code = exec->uncheckedArgument(0).toUInt32(exec);
+ RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
+ return JSValue::encode(jsSingleCharacterString(exec, code));
+ }
+
UChar* buf;
auto impl = StringImpl::createUninitialized(length, buf);
- for (unsigned i = 0; i < length; ++i)
+ for (unsigned i = 0; i < length; ++i) {
buf[i] = static_cast<UChar>(exec->uncheckedArgument(i).toUInt32(exec));
- return jsString(exec, WTFMove(impl));
+ RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ }
+ scope.release();
+ return JSValue::encode(jsString(exec, WTFMove(impl)));
}
-static EncodedJSValue JSC_HOST_CALL stringFromCharCode(ExecState* exec)
-{
- if (LIKELY(exec->argumentCount() == 1))
- return JSValue::encode(jsSingleCharacterString(exec, exec->uncheckedArgument(0).toUInt32(exec)));
- return JSValue::encode(stringFromCharCodeSlowCase(exec));
-}
-
JSCell* JSC_HOST_CALL stringFromCharCode(ExecState* exec, int32_t arg)
{
return jsSingleCharacterString(exec, arg);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
