Skip to site navigation (Press enter)

[webkit-changes] [275299] trunk

mark . lam Wed, 31 Mar 2021 11:46:28 -0700

Title: [275299] trunk

Revision: 275299
Author: [email protected]
Date: 2021-03-31 11:45:36 -0700 (Wed, 31 Mar 2021)

Log Message

Missing exception check in HashMapImpl::add().
https://bugs.webkit.org/show_bug.cgi?id=224007
rdar://76053163


Reviewed by Saam Barati.

JSTests:

* stress/missing-exception-check-in-HashMapImpl-add.js: Added.

Source/_javascript_Core:

* runtime/HashMapImpl.h:
(JSC::HashMapImpl::add):

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/HashMapImpl.h

Added Paths

trunk/JSTests/stress/missing-exception-check-in-HashMapImpl-add.js

Diff

Modified: trunk/JSTests/ChangeLog (275298 => 275299)


--- trunk/JSTests/ChangeLog	2021-03-31 18:37:03 UTC (rev 275298)
+++ trunk/JSTests/ChangeLog	2021-03-31 18:45:36 UTC (rev 275299)
@@ -1,3 +1,13 @@
+2021-03-31  Mark Lam  <[email protected]>
+
+        Missing exception check in HashMapImpl::add().
+        https://bugs.webkit.org/show_bug.cgi?id=224007
+        rdar://76053163
+
+        Reviewed by Saam Barati.
+
+        * stress/missing-exception-check-in-HashMapImpl-add.js: Added.
+
 2021-03-31  Alexey Shvayka  <[email protected]>
 
         Optimize constructors of ES6 collections

Added: trunk/JSTests/stress/missing-exception-check-in-HashMapImpl-add.js (0 => 275299)


--- trunk/JSTests/stress/missing-exception-check-in-HashMapImpl-add.js	                        (rev 0)
+++ trunk/JSTests/stress/missing-exception-check-in-HashMapImpl-add.js	2021-03-31 18:45:36 UTC (rev 275299)
@@ -0,0 +1 @@
+new Map([{}, [0]]);

Modified: trunk/Source/_javascript_Core/ChangeLog (275298 => 275299)


--- trunk/Source/_javascript_Core/ChangeLog	2021-03-31 18:37:03 UTC (rev 275298)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-03-31 18:45:36 UTC (rev 275299)
@@ -1,3 +1,14 @@
+2021-03-31  Mark Lam  <[email protected]>
+
+        Missing exception check in HashMapImpl::add().
+        https://bugs.webkit.org/show_bug.cgi?id=224007
+        rdar://76053163
+
+        Reviewed by Saam Barati.
+
+        * runtime/HashMapImpl.h:
+        (JSC::HashMapImpl::add):
+
 2021-03-31  Xan Lopez  <[email protected]>
 
         [JSC] Remove warnings about unnecessary operator= for ARMv7Assembler LinkRecord

Modified: trunk/Source/_javascript_Core/runtime/HashMapImpl.h (275298 => 275299)


--- trunk/Source/_javascript_Core/runtime/HashMapImpl.h	2021-03-31 18:37:03 UTC (rev 275298)
+++ trunk/Source/_javascript_Core/runtime/HashMapImpl.h	2021-03-31 18:45:36 UTC (rev 275299)
@@ -481,10 +481,15 @@
 
     ALWAYS_INLINE void add(JSGlobalObject* globalObject, JSValue key, JSValue value = JSValue())
     {
+        VM& vm = getVM(globalObject);
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
         key = normalizeMapKey(key);
         addNormalizedInternal(globalObject, key, value, [&] (HashMapBucketType* bucket) {
             return !isDeleted(bucket) && areKeysEqual(globalObject, key, bucket->key());
         });
+        RETURN_IF_EXCEPTION(scope, void());
+        scope.release();
         if (shouldRehashAfterAdd())
             rehash(globalObject);
     }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes