Title: [243824] trunk/Source/WebCore
- Revision: 243824
- Author: [email protected]
- Date: 2019-04-03 13:37:22 -0700 (Wed, 03 Apr 2019)
Log Message
Follow up fix for r243807: Use MarkedArgumentBuffer instead of Vector for JSValue
https://bugs.webkit.org/show_bug.cgi?id=196547
Reviewed by Geoffrey Garen.
A JSValue in a Vector could be garbage collected because the GC doesn't know about Vector memory on the C++ heap.
* bindings/js/JSIDBRequestCustom.cpp:
(WebCore::JSIDBRequest::result const):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (243823 => 243824)
--- trunk/Source/WebCore/ChangeLog 2019-04-03 20:27:12 UTC (rev 243823)
+++ trunk/Source/WebCore/ChangeLog 2019-04-03 20:37:22 UTC (rev 243824)
@@ -1,3 +1,15 @@
+2019-04-03 Sihui Liu <[email protected]>
+
+ Follow up fix for r243807: Use MarkedArgumentBuffer instead of Vector for JSValue
+ https://bugs.webkit.org/show_bug.cgi?id=196547
+
+ Reviewed by Geoffrey Garen.
+
+ JSValue in Vector could be garbage collected because GC doesn't know Vector memory on C++ heap.
+
+ * bindings/js/JSIDBRequestCustom.cpp:
+ (WebCore::JSIDBRequest::result const):
+
2019-04-03 Chris Dumez <[email protected]>
HTML fragment serialization should not strip whitespace from URL attribute values
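Review bot: the added entry names no regression test and does not say why one is omitted; a line on how the premature collection was observed, or why it cannot be tested reliably, would help anyone tracing r243807 later. The description could also state that the values are unprotected while later entries are still being deserialized and while the array is constructed, since that is the window the MarkedArgumentBuffer closes.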
Modified: trunk/Source/WebCore/bindings/js/JSIDBRequestCustom.cpp (243823 => 243824)
--- trunk/Source/WebCore/bindings/js/JSIDBRequestCustom.cpp 2019-04-03 20:27:12 UTC (rev 243823)
+++ trunk/Source/WebCore/bindings/js/JSIDBRequestCustom.cpp 2019-04-03 20:37:22 UTC (rev 243824)
@@ -64,14 +64,19 @@
auto& keys = getAllResult.keys();
auto& values = getAllResult.values();
auto& keyPath = getAllResult.keyPath();
- Vector<JSC::JSValue> results;
+ auto scope = DECLARE_THROW_SCOPE(state.vm());
+ JSC::MarkedArgumentBuffer list;
for (unsigned i = 0; i < values.size(); i ++) {
auto result = deserializeIDBValueWithKeyInjection(state, values[i], keys[i], keyPath);
if (!result)
return jsNull();
- results.append(result.value());
+ list.append(result.value());
+ if (UNLIKELY(list.hasOverflowed())) {
+ propagateException(state, scope, Exception(UnknownError));
+ return jsNull();
+ }
}
- return JSValue(JSC::constructArray(&state, nullptr, state.lexicalGlobalObject(), results.data(), results.size()));
+ return JSValue(JSC::constructArray(&state, nullptr, state.lexicalGlobalObject(), list));
}, [] (uint64_t number) {
return toJS<IDLUnsignedLongLong>(number);
}, [] (IDBRequest::NullResultType other) {
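Review bot: the new `list.hasOverflowed()` branch reports a buffer allocation failure as `Exception(UnknownError)` with no message, so script sees a generic error for what is an out-of-memory condition; consider throwing an out-of-memory error through `scope` instead, or at least passing a message string that names the overflow. Separately, `scope` is declared at the top of the lambda but the final `JSC::constructArray(...)` call, which can itself throw, is returned without being checked or released against that scope; wrapping the return in `RELEASE_AND_RETURN(scope, ...)` would make the success path consistent with the throw scope this change introduces.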