[webkit-changes] [267495] trunk

Wed, 23 Sep 2020 12:36:10 -0700

Title: [267495] trunk
Revision
267495
Author
tzaga...@apple.com
Date
2020-09-23 12:35:19 -0700 (Wed, 23 Sep 2020)

Log Message

Missing scope release in JSDOMBuiltinConstructorBase
https://bugs.webkit.org/show_bug.cgi?id=216851
<rdar://problem/69144642>

Reviewed by Yusuke Suzuki.

Source/WebCore:

In JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments, we should release the
ThrowScope before calling into _javascript_ since we don't intend to handle the exception.

Test: js/transform-stream.html

* bindings/js/JSDOMBuiltinConstructorBase.cpp:
(WebCore::JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments):

LayoutTests:

* js/script-tests/transform-stream.js: Added.
* js/transform-stream-expected.txt: Added.
* js/transform-stream.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (267494 => 267495)


--- trunk/LayoutTests/ChangeLog	2020-09-23 19:34:44 UTC (rev 267494)
+++ trunk/LayoutTests/ChangeLog	2020-09-23 19:35:19 UTC (rev 267495)
@@ -1,3 +1,15 @@
+2020-09-23  Tadeu Zagallo  <tzaga...@apple.com>
+
+        Missing scope release in JSDOMBuiltinConstructorBase
+        https://bugs.webkit.org/show_bug.cgi?id=216851
+        <rdar://problem/69144642>
+
+        Reviewed by Yusuke Suzuki.
+
+        * js/script-tests/transform-stream.js: Added.
+        * js/transform-stream-expected.txt: Added.
+        * js/transform-stream.html: Added.
+
 2020-09-23  Chris Dumez  <cdu...@apple.com>
 
         webaudio/AudioBufferSource/audiobuffersource-playbackrate.html is crashing

Added: trunk/LayoutTests/js/script-tests/transform-stream.js (0 => 267495)


--- trunk/LayoutTests/js/script-tests/transform-stream.js	                        (rev 0)
+++ trunk/LayoutTests/js/script-tests/transform-stream.js	2020-09-23 19:35:19 UTC (rev 267495)
@@ -0,0 +1,4 @@
+description(
+"Tests exception checking in JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments."
+);
+new TransformStream();

Added: trunk/LayoutTests/js/transform-stream-expected.txt (0 => 267495)


--- trunk/LayoutTests/js/transform-stream-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/transform-stream-expected.txt	2020-09-23 19:35:19 UTC (rev 267495)
@@ -0,0 +1,9 @@
+Tests exception checking in JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/js/transform-stream.html (0 => 267495)


--- trunk/LayoutTests/js/transform-stream.html	                        (rev 0)
+++ trunk/LayoutTests/js/transform-stream.html	2020-09-23 19:35:19 UTC (rev 267495)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (267494 => 267495)


--- trunk/Source/WebCore/ChangeLog	2020-09-23 19:34:44 UTC (rev 267494)
+++ trunk/Source/WebCore/ChangeLog	2020-09-23 19:35:19 UTC (rev 267495)
@@ -1,3 +1,19 @@
+2020-09-23  Tadeu Zagallo  <tzaga...@apple.com>
+
+        Missing scope release in JSDOMBuiltinConstructorBase
+        https://bugs.webkit.org/show_bug.cgi?id=216851
+        <rdar://problem/69144642>
+
+        Reviewed by Yusuke Suzuki.
+
+        In JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments, we should release the
+        ThrowScope before calling into _javascript_ since we don't intend to handle the exception.
+
+        Test: js/transform-stream.html
+
+        * bindings/js/JSDOMBuiltinConstructorBase.cpp:
+        (WebCore::JSDOMBuiltinConstructorBase::callFunctionWithCurrentArguments):
+
 2020-09-23  Zalan Bujtas  <za...@apple.com>
 
         [LFC][IFC] Precompute the collapsible trailing width for LineBreaker

Modified: trunk/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp (267494 => 267495)


--- trunk/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp	2020-09-23 19:34:44 UTC (rev 267494)
+++ trunk/Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp	2020-09-23 19:35:19 UTC (rev 267495)
@@ -42,6 +42,7 @@
         throwOutOfMemoryError(&lexicalGlobalObject, scope);
         return;
     }
+    scope.release();
     JSC::call(&lexicalGlobalObject, &function, callData, &thisObject, arguments);
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to