Title: [275324] trunk
- Revision
- 275324
- Author
- [email protected]
- Date
- 2021-03-31 17:29:13 -0700 (Wed, 31 Mar 2021)
Log Message
Placate exception check validation below convertVariadicArguments().
https://bugs.webkit.org/show_bug.cgi?id=224027
rdar://68912995
Reviewed by Saam Barati.
Source/WebCore:
Test: js/dom/missing-exception-check-in-convertVariadicArguments.html
* bindings/js/JSDOMConvertVariadic.h:
(WebCore::convertVariadicArguments):
LayoutTests:
* js/dom/missing-exception-check-in-convertVariadicArguments-expected.txt: Added.
* js/dom/missing-exception-check-in-convertVariadicArguments.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (275323 => 275324)
--- trunk/LayoutTests/ChangeLog 2021-04-01 00:18:59 UTC (rev 275323)
+++ trunk/LayoutTests/ChangeLog 2021-04-01 00:29:13 UTC (rev 275324)
@@ -1,3 +1,14 @@
+2021-03-31 Mark Lam <[email protected]>
+
+ Placate exception check validation below convertVariadicArguments().
+ https://bugs.webkit.org/show_bug.cgi?id=224027
+ rdar://68912995
+
+ Reviewed by Saam Barati.
+
+ * js/dom/missing-exception-check-in-convertVariadicArguments-expected.txt: Added.
+ * js/dom/missing-exception-check-in-convertVariadicArguments.html: Added.
+
2021-03-31 Ryan Haddad <[email protected]>
REGRESSION (Metal ANGLE): [Catalina] 6 consistent WebGL failures / timeouts
Added: trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments-expected.txt (0 => 275324)
--- trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments-expected.txt 2021-04-01 00:29:13 UTC (rev 275324)
@@ -0,0 +1,4 @@
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments.html (0 => 275324)
--- trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments.html (rev 0)
+++ trunk/LayoutTests/js/dom/missing-exception-check-in-convertVariadicArguments.html 2021-04-01 00:29:13 UTC (rev 275324)
@@ -0,0 +1,14 @@
+<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+ setTimeout(undefined, undefined, undefined, undefined);
+ setInterval(undefined, undefined, undefined, undefined);
+</script>
+<script src=""
+</body>
+</html>
+
Modified: trunk/Source/WebCore/ChangeLog (275323 => 275324)
--- trunk/Source/WebCore/ChangeLog 2021-04-01 00:18:59 UTC (rev 275323)
+++ trunk/Source/WebCore/ChangeLog 2021-04-01 00:29:13 UTC (rev 275324)
@@ -1,3 +1,16 @@
+2021-03-31 Mark Lam <[email protected]>
+
+ Placate exception check validation below convertVariadicArguments().
+ https://bugs.webkit.org/show_bug.cgi?id=224027
+ rdar://68912995
+
+ Reviewed by Saam Barati.
+
+ Test: js/dom/missing-exception-check-in-convertVariadicArguments.html
+
+ * bindings/js/JSDOMConvertVariadic.h:
+ (WebCore::convertVariadicArguments):
+
2021-03-31 Venky Dass <[email protected]>
Null pointer access crash in WebCore::makeBoundaryPoint(..)
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertVariadic.h (275323 => 275324)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertVariadic.h 2021-04-01 00:18:59 UTC (rev 275323)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertVariadic.h 2021-04-01 00:29:13 UTC (rev 275324)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -48,6 +48,9 @@
template<typename IDLType> Vector<typename VariadicConverter<IDLType>::Item> convertVariadicArguments(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame& callFrame, size_t startIndex)
{
+ auto& vm = JSC::getVM(&lexicalGlobalObject);
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
size_t length = callFrame.argumentCount();
if (startIndex >= length)
return { };
@@ -57,6 +60,7 @@
for (size_t i = startIndex; i < length; ++i) {
auto value = VariadicConverter<IDLType>::convert(lexicalGlobalObject, callFrame.uncheckedArgument(i));
+ EXCEPTION_ASSERT_UNUSED(scope, !!scope.exception() == !value);
if (!value)
return { };
result.uncheckedAppend(WTFMove(*value));
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
