Title: [233540] trunk/Source/JavaScriptCore
Revision: 233540
Author: [email protected]
Date: 2018-07-05 14:35:09 -0700 (Thu, 05 Jul 2018)

Log Message

ProgramExecutable may be collected as we checkSyntax on it
https://bugs.webkit.org/show_bug.cgi?id=187359
<rdar://problem/41832135>

Reviewed by Mark Lam.

The bug was we were passing in a reference to the SourceCode field on ProgramExecutable as
the ProgramExecutable itself may be collected. The fix here is to make a copy
of the field instead of passing in a reference inside of ParserError::toErrorObject.

No new tests here as this was already caught by our iOS JSC testers.

* parser/ParserError.h:
(JSC::ParserError::toErrorObject):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (233539 => 233540)


--- trunk/Source/_javascript_Core/ChangeLog	2018-07-05 21:02:47 UTC (rev 233539)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-07-05 21:35:09 UTC (rev 233540)
@@ -1,3 +1,20 @@
+2018-07-05  Saam Barati  <[email protected]>
+
+        ProgramExecutable may be collected as we checkSyntax on it
+        https://bugs.webkit.org/show_bug.cgi?id=187359
+        <rdar://problem/41832135>
+
+        Reviewed by Mark Lam.
+
+        The bug was we were passing in a reference to the SourceCode field on ProgramExecutable as
+        the ProgramExecutable itself may be collected. The fix here is to make a copy
+        of the field instead of passing in a reference inside of ParserError::toErrorObject.
+        
+        No new tests here as this was already caught by our iOS JSC testers.
+
+        * parser/ParserError.h:
+        (JSC::ParserError::toErrorObject):
+
 2018-07-04  Tim Horton  <[email protected]>
 
         Introduce PLATFORM(IOSMAC)
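
Review bot: The "No new tests here" line does not name the existing iOS JSC test that caught this, so a later change that turns the parameter back into a reference has no regression test to point at from this entry; please name the failing test. The description also only says the ProgramExecutable "may be collected" without saying where: the comment added in ParserError.h names addErrorInfo as the point where the owner can be destroyed, and the entry would be easier to audit if it said the same.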

Modified: trunk/Source/JavaScriptCore/parser/ParserError.h (233539 => 233540)


--- trunk/Source/_javascript_Core/parser/ParserError.h	2018-07-05 21:02:47 UTC (rev 233539)
+++ trunk/Source/_javascript_Core/parser/ParserError.h	2018-07-05 21:35:09 UTC (rev 233540)
@@ -86,7 +86,8 @@
     ErrorType type() const { return m_type; }
 
     JSObject* toErrorObject(
-        JSGlobalObject* globalObject, const SourceCode& source, 
+        JSGlobalObject* globalObject,
+        SourceCode source, // Note: We must copy the source here, since the objects that pass in their SourceCode field may be destroyed in addErrorInfo.
         int overrideLineNumber = -1)
     {
         ExecState* exec = globalObject->globalExec();
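
Review bot: The lifetime requirement on the new `SourceCode source` parameter is carried only by a trailing comment on the parameter line, which is easy to lose in a cleanup that converts by-value parameters back to `const SourceCode&` and reintroduces the use-after-free. Move the note to a comment above `toErrorObject` and state the invariant directly: the argument is often a field of a GC-owned object, and that owner may be destroyed in addErrorInfo, so the function must hold its own copy for the whole call. It would also help to say in that comment that the copy is intentional and not a missed optimization.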