Title: [248233] releases/WebKitGTK/webkit-2.24/Source/_javascript_Core
Revision
248233
Author
[email protected]
Date
2019-08-03 20:23:15 -0700 (Sat, 03 Aug 2019)

Log Message

Merge r246084 - Unreviewed, update exception scope for putByIndexBeyondVectorLength
https://bugs.webkit.org/show_bug.cgi?id=198477

* runtime/JSObject.cpp:
(JSC::JSObject::putByIndexBeyondVectorLength):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog (248232 => 248233)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-08-04 03:23:13 UTC (rev 248232)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-08-04 03:23:15 UTC (rev 248233)
@@ -1,3 +1,11 @@
+2019-06-04  Yusuke Suzuki  <[email protected]>
+
+        Unreviewed, update exception scope for putByIndexBeyondVectorLength
+        https://bugs.webkit.org/show_bug.cgi?id=198477
+
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::putByIndexBeyondVectorLength):
+
 2019-06-03  Yusuke Suzuki  <[email protected]>
 
         [JSC] JSObject::attemptToInterceptPutByIndexOnHole should use getPrototype instead of getPrototypeDirect

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSObject.cpp (248232 => 248233)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSObject.cpp	2019-08-04 03:23:13 UTC (rev 248232)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/JSObject.cpp	2019-08-04 03:23:15 UTC (rev 248233)
@@ -2868,6 +2868,7 @@
 bool JSObject::putByIndexBeyondVectorLength(ExecState* exec, unsigned i, JSValue value, bool shouldThrow)
 {
     VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
 
     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!isCopyOnWrite(indexingMode()));
 
@@ -2877,18 +2878,17 @@
     switch (indexingType()) {
     case ALL_BLANK_INDEXING_TYPES: {
         if (indexingShouldBeSparse(vm)) {
-            return putByIndexBeyondVectorLengthWithArrayStorage(
+            RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithArrayStorage(
                 exec, i, value, shouldThrow,
-                ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
+                ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm)));
         }
         if (indexIsSufficientlyBeyondLengthForSparseMap(i, 0) || i >= MIN_SPARSE_ARRAY_INDEX) {
-            return putByIndexBeyondVectorLengthWithArrayStorage(
-                exec, i, value, shouldThrow, createArrayStorage(vm, 0, 0));
+            RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithArrayStorage(exec, i, value, shouldThrow, createArrayStorage(vm, 0, 0)));
         }
         if (needsSlowPutIndexing(vm)) {
             // Convert the indexing type to the SlowPutArrayStorage and retry.
             createArrayStorage(vm, i + 1, getNewVectorLength(vm, 0, 0, 0, i + 1));
-            return putByIndex(this, exec, i, value, shouldThrow);
+            RELEASE_AND_RETURN(scope, putByIndex(this, exec, i, value, shouldThrow));
         }
         
         createInitialForValueAndSet(vm, i, value);
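Review bot: The two `RELEASE_AND_RETURN` calls in the `ALL_BLANK_INDEXING_TYPES` case are wrapped inconsistently, which makes the macro's closing parenthesis easy to misplace in later edits. The sparse-indexing branch keeps the old three-line layout and now ends in `)));`, while the `indexIsSufficientlyBeyondLengthForSparseMap` branch was joined into one long line. Pick one layout for both; with the three-line form, put the macro's own `);` on a separate line so it is visible which parenthesis closes the macro and which closes the call. The enclosing function starts and ends outside this hunk.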
@@ -2901,18 +2901,17 @@
     }
         
     case ALL_INT32_INDEXING_TYPES:
-        return putByIndexBeyondVectorLengthWithoutAttributes<Int32Shape>(exec, i, value);
+        RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithoutAttributes<Int32Shape>(exec, i, value));
         
     case ALL_DOUBLE_INDEXING_TYPES:
-        return putByIndexBeyondVectorLengthWithoutAttributes<DoubleShape>(exec, i, value);
+        RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithoutAttributes<DoubleShape>(exec, i, value));
         
     case ALL_CONTIGUOUS_INDEXING_TYPES:
-        return putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value);
+        RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value));
         
     case NonArrayWithSlowPutArrayStorage:
     case ArrayWithSlowPutArrayStorage: {
         // No own property present in the vector, but there might be in the sparse map!
-        auto scope = DECLARE_THROW_SCOPE(vm);
         SparseArrayValueMap* map = arrayStorage()->m_sparseMap.get();
         bool putResult = false;
         if (!(map && map->contains(i))) {
@@ -2921,13 +2920,12 @@
             if (result)
                 return putResult;
         }
-        scope.release();
         FALLTHROUGH;
     }
 
     case NonArrayWithArrayStorage:
     case ArrayWithArrayStorage:
-        return putByIndexBeyondVectorLengthWithArrayStorage(exec, i, value, shouldThrow, arrayStorage());
+        RELEASE_AND_RETURN(scope, putByIndexBeyondVectorLengthWithArrayStorage(exec, i, value, shouldThrow, arrayStorage()));
         
     default:
         RELEASE_ASSERT_NOT_REACHED();
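Review bot: The early exit `return putResult;` at the top of this hunk is the only return shown in the switch that leaves through a plain `return` while the function-wide throw scope is live. Every other tail call was converted to `RELEASE_AND_RETURN`. The two lines between this hunk and the previous one are not shown, so confirm that an exception check on `scope` sits between the call that sets `result` and `if (result)`; if it does not, add `RETURN_IF_EXCEPTION(scope, false);` there. With `scope.release()` removed, the `FALLTHROUGH` path depends on the `RELEASE_AND_RETURN` in the `ArrayWithArrayStorage` case, which deserves a short comment such as `// scope is released by the ArrayStorage case below`. As far as I know, exception-scope verification only runs in debug builds, so a missed path here would not show up in release testing.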