Title: [259481] trunk
Revision: 259481
Author: [email protected]
Date: 2020-04-03 11:40:05 -0700 (Fri, 03 Apr 2020)

Log Message

[JSC] canonicalizeLocaleList should gracefully throw OOM error if input + error message is too large
https://bugs.webkit.org/show_bug.cgi?id=209971
<rdar://problem/61258621>

Reviewed by Mark Lam.

JSTests:

* stress/intl-canonicalize-locale-list-error-oom.js: Added.
(shouldThrow):

Source/JavaScriptCore:

canonicalizeLocaleList generates an error message from the input. If the input is too large, generating the error-message
string could fail due to OOM. We should gracefully throw an OOM error instead of crashing. This strategy
follows `createError`'s error-message generation: if error-message generation fails, an OOM error is thrown.

* runtime/IntlObject.cpp:
(JSC::canonicalizeLocaleList):
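As an added illustration (not WebKit's code), the fallible-message pattern the log describes: a caller-controlled tag is echoed into an error message, and when the concatenation cannot fit the engine's string length limit the error path reports OOM instead of crashing. The limit here is a constructed, deliberately small value so the overflow branch can be exercised without a multi-gigabyte input.

```cpp
// Added example modelled on the patched error path; not JavaScriptCore code.
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>

// Constructed limit for the demo; the real engine limit is far larger.
constexpr size_t kMaxStringLength = 64;

// Fallible concatenation (the role tryMakeString plays in the patch): returns
// nullopt when the result would exceed the limit. The comparison is written as
// a subtraction so the length check itself cannot overflow on huge inputs.
std::optional<std::string> tryMakeString(std::string_view prefix, std::string_view tag) {
    if (prefix.size() > kMaxStringLength || tag.size() > kMaxStringLength - prefix.size())
        return std::nullopt;
    std::string out;
    out.reserve(prefix.size() + tag.size());
    out.append(prefix).append(tag);
    return out;
}

enum class ErrorKind { RangeError, OutOfMemory };
struct ThrownError { ErrorKind kind; std::string message; };

// Mirrors the patched canonicalizeLocaleList branch: build the message, and if
// that fails report OOM; otherwise report the RangeError carrying the message.
ThrownError reportInvalidLanguageTag(std::string_view tagValue) {
    std::optional<std::string> message = tryMakeString("invalid language tag: ", tagValue);
    if (!message)
        return {ErrorKind::OutOfMemory, "Out of memory"};
    return {ErrorKind::RangeError, *message};
}

int main() {
    ThrownError small = reportInvalidLanguageTag("en-!!");
    ThrownError huge = reportInvalidLanguageTag(std::string(1000, 'a'));
    std::printf("%s\n%s\n", small.message.c_str(), huge.message.c_str());
    return 0;
}
```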

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/JavaScriptCore/ChangeLog
trunk/Source/JavaScriptCore/runtime/IntlObject.cpp

Added Paths

trunk/JSTests/stress/intl-canonicalize-locale-list-error-oom.js
Diff

Modified: trunk/JSTests/ChangeLog (259480 => 259481)


--- trunk/JSTests/ChangeLog	2020-04-03 18:34:53 UTC (rev 259480)
+++ trunk/JSTests/ChangeLog	2020-04-03 18:40:05 UTC (rev 259481)
@@ -1,3 +1,14 @@
+2020-04-03  Yusuke Suzuki  <[email protected]>
+
+        [JSC] canonicalizeLocaleList should gracefully throw OOM error if input + error message is too large
+        https://bugs.webkit.org/show_bug.cgi?id=209971
+        <rdar://problem/61258621>
+
+        Reviewed by Mark Lam.
+
+        * stress/intl-canonicalize-locale-list-error-oom.js: Added.
+        (shouldThrow):
+
 2020-04-03  Ross Kirsling  <[email protected]>
 
         Move Intl tests from LayoutTests to JSTests

Added: trunk/JSTests/stress/intl-canonicalize-locale-list-error-oom.js (0 => 259481)


--- trunk/JSTests/stress/intl-canonicalize-locale-list-error-oom.js	                        (rev 0)
+++ trunk/JSTests/stress/intl-canonicalize-locale-list-error-oom.js	2020-04-03 18:40:05 UTC (rev 259481)
@@ -0,0 +1,18 @@
+function shouldThrow(func, errorMessage) {
+    var errorThrown = false;
+    var error = null;
+    try {
+        func();
+    } catch (e) {
+        errorThrown = true;
+        error = e;
+    }
+    if (!errorThrown)
+        throw new Error('not thrown');
+    if (String(error) !== errorMessage)
+        throw new Error(`bad error: ${String(error)}`);
+}
+
+shouldThrow(() => {
+    0..toLocaleString(''.padStart(2**31-1, 'a'));
+}, `Error: Out of memory`);
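Review bot: the final assertion only checks that some `Error: Out of memory` is raised, so it cannot tell whether the OOM came from the path this patch adds (message construction failing inside canonicalizeLocaleList) or from an earlier step such as `''.padStart(2**31-1, 'a')` or the conversion of that argument to a string. A one-line comment stating that 2**31-1 is chosen so that the tag itself fits but `"invalid language tag: "` plus the tag does not would make the intent reviewable, and `shouldThrow` could include the expected message in its `'not thrown'` error to make failures easier to read.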

Modified: trunk/Source/JavaScriptCore/ChangeLog (259480 => 259481)


--- trunk/Source/_javascript_Core/ChangeLog	2020-04-03 18:34:53 UTC (rev 259480)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-04-03 18:40:05 UTC (rev 259481)
@@ -1,3 +1,18 @@
+2020-04-03  Yusuke Suzuki  <[email protected]>
+
+        [JSC] canonicalizeLocaleList should gracefully throw OOM error if input + error message is too large
+        https://bugs.webkit.org/show_bug.cgi?id=209971
+        <rdar://problem/61258621>
+
+        Reviewed by Mark Lam.
+
+        canonicalizeLocaleList generates error-message with input. If input is too large, error-message string
+        generation could fail due to OOM. We should gracefully throw OOM error instead of crashing. This strategy
+        follows to `createError`'s error-message generation: if error-message generation fails, throwing OOM error.
+
+        * runtime/IntlObject.cpp:
+        (JSC::canonicalizeLocaleList):
+
 2020-04-03  Ross Kirsling  <[email protected]>
 
         Move Intl tests from LayoutTests to JSTests
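Review bot: wording nit in the description: "follows to `createError`'s error-message generation" should read "follows `createError`'s error-message generation", and "throwing OOM error" should be "an OOM error is thrown".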

Modified: trunk/Source/JavaScriptCore/runtime/IntlObject.cpp (259480 => 259481)


--- trunk/Source/_javascript_Core/runtime/IntlObject.cpp	2020-04-03 18:34:53 UTC (rev 259480)
+++ trunk/Source/_javascript_Core/runtime/IntlObject.cpp	2020-04-03 18:40:05 UTC (rev 259481)
@@ -633,7 +633,7 @@
 
             if (!kValue.isString() && !kValue.isObject()) {
                 throwTypeError(globalObject, scope, "locale value must be a string or object"_s);
-                return Vector<String>();
+                return { };
             }
 
             JSString* tag = kValue.toString(globalObject);
@@ -644,8 +644,13 @@
 
             String canonicalizedTag = canonicalizeLanguageTag(tagValue);
             if (canonicalizedTag.isNull()) {
-                throwException(globalObject, scope, createRangeError(globalObject, "invalid language tag: " + tagValue));
-                return Vector<String>();
+                String errorMessage = tryMakeString("invalid language tag: ", tagValue);
+                if (UNLIKELY(!errorMessage)) {
+                    throwException(globalObject, scope, createOutOfMemoryError(globalObject));
+                    return { };
+                }
+                throwException(globalObject, scope, createRangeError(globalObject, errorMessage));
+                return { };
             }
 
             if (seenSet.add(canonicalizedTag).isNewEntry)
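Review bot: the `if (UNLIKELY(!errorMessage))` check relies on `tryMakeString` yielding a null String on failure rather than an empty one; because the literal prefix `"invalid language tag: "` is non-empty, a successful result can never be empty, so the null test is unambiguous here, but a short comment to that effect would save the next reader the same reasoning. `createRangeError(globalObject, errorMessage)` still has to allocate a JSString for a message that is just under the limit; per the log message, `createError`'s own message path already falls back to an OOM error in that case, so that is covered and consistent with the branch above.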
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes