Title: [283694] branches/safari-612.2.9.3-branch/Source/JavaScriptCore
- Revision: 283694
- Author: [email protected]
- Date: 2021-10-06 18:39:57 -0700 (Wed, 06 Oct 2021)
Log Message
Revert "Cherry-pick r283632. rdar://problem/83942645"
This reverts commit r283653.
Diff
Modified: branches/safari-612.2.9.3-branch/Source/JavaScriptCore/ChangeLog (283693 => 283694)
--- branches/safari-612.2.9.3-branch/Source/_javascript_Core/ChangeLog 2021-10-07 01:19:34 UTC (rev 283693)
+++ branches/safari-612.2.9.3-branch/Source/_javascript_Core/ChangeLog 2021-10-07 01:39:57 UTC (rev 283694)
@@ -1,40 +1,3 @@
-2021-10-06 Russell Epstein <[email protected]>
-
- Cherry-pick r283632. rdar://problem/83942645
-
- Speculative fix for a null pointer dereference in ByteCodeParser::handlePutByVal.
- https://bugs.webkit.org/show_bug.cgi?id=231252
- rdar://83310320
-
- Reviewed by Yusuke Suzuki.
-
- We're seeing a null pointer dereference in ByteCodeParser::handlePutByVal().
- Adding a null check here as a speculative fix to mitigate crashes while we
- investigate further.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::handlePutByVal):
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283632 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2021-10-06 Mark Lam <[email protected]>
-
- Speculative fix for a null pointer dereference in ByteCodeParser::handlePutByVal.
- https://bugs.webkit.org/show_bug.cgi?id=231252
- rdar://83310320
-
- Reviewed by Yusuke Suzuki.
-
- We're seeing a null pointer dereference in ByteCodeParser::handlePutByVal().
- Adding a null check here as a speculative fix to mitigate crashes while we
- investigate further.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::handlePutByVal):
-
2021-10-05 Russell Epstein <[email protected]>
Cherry-pick r283556. rdar://problem/83899967
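Review bot: The ChangeLog hunk deletes both entries for r283632 and puts nothing in their place, so the branch history no longer records that the null check was a mitigation for crashes seen in ByteCodeParser::handlePutByVal(), nor why it was withdrawn. The log message only says "This reverts commit r283653"; a one-line reason for the revert, in the message or in a new entry, would let later readers tell whether the fix was wrong, superseded, or simply not wanted on this branch.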
Modified: branches/safari-612.2.9.3-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (283693 => 283694)
--- branches/safari-612.2.9.3-branch/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-10-07 01:19:34 UTC (rev 283693)
+++ branches/safari-612.2.9.3-branch/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-10-07 01:39:57 UTC (rev 283694)
@@ -6482,9 +6482,7 @@
FrozenValue* frozen = m_graph.freezeStrong(symbol);
addToGraph(CheckIsConstant, OpInfo(frozen), property);
} else if (auto* string = property->dynamicCastConstant<JSString*>(*m_vm)) {
- auto* impl = string->tryGetValueImpl();
- ASSERT(impl); // FIXME: rdar://83902782
- if (impl && impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
+ if (auto* impl = string->tryGetValueImpl(); impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
uid = bitwise_cast<UniquedStringImpl*>(impl);
propertyCell = string;
m_graph.freezeStrong(string);
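Review bot: On the restored line (new line 6485), `impl->isAtom()` is called directly on the result of `string->tryGetValueImpl()` with no null test, which is exactly the dereference the removed `impl &&` guard covered. The ChangeLog entry removed in this same commit says a null pointer dereference was being observed and was still under investigation, so if the revert has to land, consider keeping the guard in the init-statement form, `if (auto* impl = string->tryGetValueImpl(); impl && impl->isAtom() && ...)`, or state in the log why impl cannot be null at this site.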
@@ -8878,9 +8876,7 @@
FrozenValue* frozen = m_graph.freezeStrong(symbol);
addToGraph(CheckIsConstant, OpInfo(frozen), property);
} else if (auto* string = property->dynamicCastConstant<JSString*>(*m_vm)) {
- auto* impl = string->tryGetValueImpl();
- ASSERT(impl); // FIXME: rdar://83902782
- if (impl && impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
+ if (auto* impl = string->tryGetValueImpl(); impl->isAtom() && !parseIndex(*const_cast<StringImpl*>(impl))) {
uid = bitwise_cast<UniquedStringImpl*>(impl);
propertyCell = string;
m_graph.freezeStrong(string);
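Review bot: The second site (new line 8879) gets the same unguarded `impl->isAtom()` and also loses the `// FIXME: rdar://83902782` marker, so nothing in the source points at the open investigation any more. The condition is duplicated verbatim at both sites; a small shared helper that returns the uid or null would keep the null handling in one place, and at minimum a comment referencing the radar should stay next to the dereference.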