Title: [275361] trunk
Revision
275361
Author
[email protected]
Date
2021-04-01 08:35:21 -0700 (Thu, 01 Apr 2021)

Log Message

Fix some missing exception checks in HTMLMediaElement methods.
https://bugs.webkit.org/show_bug.cgi?id=224038
rdar://69573092

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/missing-exception-checks-in-HTMLMediaElement-methods.html

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::setupAndCallJS):
(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::setControllerJSProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

LayoutTests:

* media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt: Added.
* media/missing-exception-checks-in-HTMLMediaElement-methods.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (275360 => 275361)


--- trunk/LayoutTests/ChangeLog	2021-04-01 15:19:40 UTC (rev 275360)
+++ trunk/LayoutTests/ChangeLog	2021-04-01 15:35:21 UTC (rev 275361)
@@ -1,3 +1,14 @@
+2021-04-01  Mark Lam  <[email protected]>
+
+        Fix some missing exception checks in HTMLMediaElement methods.
+        https://bugs.webkit.org/show_bug.cgi?id=224038
+        rdar://69573092
+
+        Reviewed by Eric Carlson.
+
+        * media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt: Added.
+        * media/missing-exception-checks-in-HTMLMediaElement-methods.html: Added.
+
 2021-04-01  Devin Rousso  <[email protected]>
 
         Limit the number of buttons shown in media controls

Added: trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt (0 => 275361)


--- trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt	2021-04-01 15:35:21 UTC (rev 275361)
@@ -0,0 +1 @@
+

Added: trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods.html (0 => 275361)


--- trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods.html	                        (rev 0)
+++ trunk/LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods.html	2021-04-01 15:35:21 UTC (rev 275361)
@@ -0,0 +1,17 @@
+<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    let d0 = document.createElement('audio');
+    let d1 = document.createElement('track');
+    d0.appendChild(d1);
+</script>
+<script src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (275360 => 275361)


--- trunk/Source/WebCore/ChangeLog	2021-04-01 15:19:40 UTC (rev 275360)
+++ trunk/Source/WebCore/ChangeLog	2021-04-01 15:35:21 UTC (rev 275361)
@@ -1,3 +1,22 @@
+2021-04-01  Mark Lam  <[email protected]>
+
+        Fix some missing exception checks in HTMLMediaElement methods.
+        https://bugs.webkit.org/show_bug.cgi?id=224038
+        rdar://69573092
+
+        Reviewed by Eric Carlson.
+
+        Test: media/missing-exception-checks-in-HTMLMediaElement-methods.html
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::setupAndCallJS):
+        (WebCore::HTMLMediaElement::updateCaptionContainer):
+        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
+        (WebCore::HTMLMediaElement::setControllerJSProperty):
+        (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
+        (WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
+        (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
+
 2021-04-01  Jean-Yves Avenard  <[email protected]>
 
         Previous artwork isn't cleared when NowPlaying info doesn't contain an artwork

Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (275360 => 275361)


--- trunk/Source/WebCore/html/HTMLMediaElement.cpp	2021-04-01 15:19:40 UTC (rev 275360)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp	2021-04-01 15:35:21 UTC (rev 275361)
@@ -4311,11 +4311,7 @@
     auto* globalObject = JSC::jsCast<JSDOMGlobalObject*>(scriptController.globalObject(world));
     auto& vm = globalObject->vm();
     JSC::JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
     auto* lexicalGlobalObject = globalObject;
-
-    RETURN_IF_EXCEPTION(scope, false);
-
     return task(*globalObject, *lexicalGlobalObject, scriptController, world);
 }
 
@@ -4335,7 +4331,17 @@
     setupAndCallJS([this](JSDOMGlobalObject& globalObject, JSC::JSGlobalObject& lexicalGlobalObject, ScriptController&, DOMWrapperWorld&) {
         auto& vm = globalObject.vm();
         auto scope = DECLARE_CATCH_SCOPE(vm);
+
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* controllerObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, controllerValue);
         if (!controllerObject)
             return false;
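Review bot: The `reportExceptionAndReturnFalse` lambda added here is repeated verbatim in the ensureMediaControlsInjectedScript and didAddUserAgentShadowRoot hunks further down. One file-local helper, for example `static bool reportExceptionAndReturnFalse(JSC::CatchScope&, JSDOMGlobalObject&);`, would keep the three copies from drifting apart. The helper clears and reports whatever exception is pending, so if that can include a VM termination request, it is worth confirming that swallowing it at these sites is intended. The enclosing lambda starts and ends outside this hunk.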
@@ -4347,6 +4353,8 @@
         // Return value:
         //     None
         auto methodValue = controllerObject->get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "updateCaptionContainer"));
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* methodObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, methodValue);
         if (!methodObject)
             return false;
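Review bot: The early returns added in this lambda, here after the `get` and after `JSC::call` in the following hunk, now exit before `m_haveSetUpCaptionContainer = true`. The old code cleared a call exception and still set the flag. If the flag gates re-entry (its check is outside the visible hunks), a controller script that always throws would be re-invoked and re-reported on every update. If retrying is intended, a comment next to the flag such as `// Left unset on exception so the next update retries.` would record that; otherwise set the flag before the final exception check.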
@@ -4358,7 +4366,7 @@
         JSC::MarkedArgumentBuffer noArguments;
         ASSERT(!noArguments.hasOverflowed());
         JSC::call(&lexicalGlobalObject, methodObject, callData, controllerObject, noArguments);
-        scope.clearException();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
 
         m_haveSetUpCaptionContainer = true;
 
@@ -7156,7 +7164,15 @@
         auto& vm = globalObject.vm();
         auto scope = DECLARE_CATCH_SCOPE(vm);
 
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto functionValue = globalObject.get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "createControls"));
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
         if (functionValue.isCallable(vm))
             return true;
 
@@ -7164,12 +7180,7 @@
             if (mediaControlsScript.isEmpty())
                 continue;
             scriptController.evaluateInWorldIgnoringException(ScriptSourceCode(mediaControlsScript), world);
-            if (UNLIKELY(scope.exception())) {
-                auto* exception = scope.exception();
-                scope.clearException();
-                reportException(&globalObject, exception);
-                return false;
-            }
+            RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
         }
 
         return true;
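Review bot: It is not evident from this hunk that `scope` can ever observe an exception after `evaluateInWorldIgnoringException`, whose name suggests the callee consumes it. If so, the `RETURN_IF_EXCEPTION` after that call serves the exception-check validator more than error handling. A short comment would make the intent explicit, e.g. `// evaluateInWorldIgnoringException() is expected to consume script exceptions; this covers anything it leaves pending.`, with the wording confirmed against the callee, which is not visible here. The enclosing loop and lambda start outside the hunk.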
@@ -7199,7 +7210,10 @@
 {
     setupAndCallJS([this, propertyName, propertyValue](JSDOMGlobalObject& globalObject, JSC::JSGlobalObject& lexicalGlobalObject, ScriptController&, DOMWrapperWorld&) {
         auto& vm = globalObject.vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        EXCEPTION_ASSERT_UNUSED(scope, !scope.exception() || controllerValue.isNull());
         if (controllerValue.isNull())
             return false;
 
@@ -7208,6 +7222,7 @@
         if (!controllerObject)
             return false;
 
+        scope.release();
         controllerObject->methodTable(vm)->put(controllerObject, &lexicalGlobalObject, JSC::Identifier::fromString(vm, propertyName), propertyValue, propertySlot);
 
         return true;
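Review bot: `scope.release()` before `put` hands any exception from the property store to the caller while the lambda still returns true, and `setupAndCallJS` no longer declares a scope of its own, so every caller of `setControllerJSProperty` has to check. The didAddUserAgentShadowRoot hunk does check after the two update*JSProperty helpers, which presumably reach this path, but other callers are not visible here. Separately, the only guard after `controllerJSValue` in the previous hunk is `EXCEPTION_ASSERT_UNUSED`, which presumably compiles away outside assertion builds. If `controllerJSValue` can throw and return a non-null value, the lambda would go on to `jsDynamicCast` and `put` with the exception pending. A runtime `RETURN_IF_EXCEPTION(scope, false);` after the call, as in the two throw-scope hunks at the end of the file, would not depend on that invariant.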
@@ -7256,8 +7271,16 @@
         if (callData.type == JSC::CallData::Type::None)
             return false;
 
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto controllerValue = JSC::call(&lexicalGlobalObject, function, callData, &globalObject, argList);
-        scope.clearException();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* controllerObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, controllerValue);
         if (!controllerObject)
             return false;
@@ -7282,11 +7305,11 @@
         mediaControlsHostJSWrapperObject->putDirect(vm, controller, controllerValue, JSC::PropertyAttribute::DontDelete | JSC::PropertyAttribute::DontEnum | JSC::PropertyAttribute::ReadOnly);
 
         updatePageScaleFactorJSProperty();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         updateUsesLTRUserInterfaceLayoutDirectionJSProperty();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
 
-        if (UNLIKELY(scope.exception()))
-            scope.clearException();
-
         return true;
     });
 }
@@ -7317,8 +7340,8 @@
         auto scope = DECLARE_THROW_SCOPE(vm);
 
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, false);
         auto* controllerObject = controllerValue.toObject(&lexicalGlobalObject);
-
         RETURN_IF_EXCEPTION(scope, false);
 
         auto functionValue = controllerObject->get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "handlePresentationModeChange"));
@@ -7361,8 +7384,8 @@
         auto scope = DECLARE_THROW_SCOPE(vm);
 
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, false);
         auto* controllerObject = controllerValue.toObject(&lexicalGlobalObject);
-
         RETURN_IF_EXCEPTION(scope, false);
 
         auto functionValue = controllerObject->get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "getCurrentControlsStatus"));