Title: [231572] trunk/Source/JavaScriptCore
Revision: 231572
Author: [email protected]
Date: 2018-05-09 10:29:39 -0700 (Wed, 09 May 2018)

Log Message

[JSC] Fix ArraySpeciesCreate to return a new Array when the given object is not an array
Error found in the following Test262 tests:

- test/built-ins/Array/prototype/slice/create-non-array-invalid-len.js
- test/built-ins/Array/prototype/slice/create-proxied-array-invalid-len.js
- test/built-ins/Array/prototype/splice/create-species-undef-invalid-len.js

The ArraySpeciesCreate should throw a RangeError with non-Array custom objects
presenting a length > 2**32-1
https://bugs.webkit.org/show_bug.cgi?id=185476

Patch by Leo Balter <[email protected]> on 2018-05-09
Reviewed by Yusuke Suzuki.

* runtime/ArrayPrototype.cpp:

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (231571 => 231572)


--- trunk/Source/_javascript_Core/ChangeLog	2018-05-09 17:20:46 UTC (rev 231571)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-05-09 17:29:39 UTC (rev 231572)
@@ -1,3 +1,20 @@
+2018-05-09  Leo Balter  <[email protected]>
+
+        [JSC] Fix ArraySpeciesCreate to return a new Array when the given object is not an array
+        Error found in the following Test262 tests:
+
+        - test/built-ins/Array/prototype/slice/create-non-array-invalid-len.js
+        - test/built-ins/Array/prototype/slice/create-proxied-array-invalid-len.js
+        - test/built-ins/Array/prototype/splice/create-species-undef-invalid-len.js
+
+        The ArraySpeciesCreate should throw a RangeError with non-Array custom objects
+        presenting a length > 2**32-1
+        https://bugs.webkit.org/show_bug.cgi?id=185476
+
+        Reviewed by Yusuke Suzuki.
+
+        * runtime/ArrayPrototype.cpp:
+
 2018-05-09  Michael Catanzaro  <[email protected]>
 
         [WPE] Build cleanly with GCC 8 and ICU 60
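
Review bot: The new entry ends at `* runtime/ArrayPrototype.cpp:` with no per-file description, so it never connects the title to the behaviour it promises. The title says a new Array is returned when the object is not an array, while the body says a RangeError should be thrown for a length > 2**32-1; add a sentence after the file line saying which path now raises that RangeError once the non-array case takes the plain array-creation route. The entry also lists no test or expectations file, so nothing in this revision records that the three Test262 tests now pass; mention where that is tracked.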

Modified: trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp (231571 => 231572)


--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2018-05-09 17:20:46 UTC (rev 231571)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2018-05-09 17:29:39 UTC (rev 231572)
@@ -247,8 +247,10 @@
             if (constructor.isNull())
                 return std::make_pair(SpeciesConstructResult::FastPath, nullptr);;
         }
-    } else
-        RETURN_IF_EXCEPTION(scope, exceptionResult());
+    } else {
+        // If isArray is false, return ? ArrayCreate(length).
+        return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
+    }
 
     if (constructor.isUndefined())
         return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
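
Review bot: The rewritten `else` branch drops `RETURN_IF_EXCEPTION(scope, exceptionResult());` and returns `SpeciesConstructResult::FastPath` unconditionally, so an exception raised by the is-array test above this hunk is no longer checked on this path. If that test can throw (the commit message names a proxied-array case) and is not already followed by its own exception check outside the visible context, keep the `RETURN_IF_EXCEPTION` ahead of the new `return`. The comment `// If isArray is false, return ? ArrayCreate(length).` would also read better if it said that the abrupt completion marked by `?` is not handled here, since this branch only hands back `FastPath` with `nullptr` and creates no array itself.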