Title: [286912] trunk/Source/WebCore
Revision: 286912
Author: [email protected]
Date: 2021-12-11 08:55:07 -0800 (Sat, 11 Dec 2021)

Log Message

WebCore::createDOMException() should abort early if termination is pending.
https://bugs.webkit.org/show_bug.cgi?id=234190

Reviewed by Darin Adler.

Attempting to create Error objects may re-enter the VM, which we should not do
when termination is pending.

This issue manifested as an ASSERT failure, and was discovered while running
http/wpt/fetch/ layout tests with a Debug build on an M1 Mac.  It also manifested
on some testing bots.

* bindings/js/JSDOMExceptionHandling.cpp:
(WebCore::createDOMException):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (286911 => 286912)


--- trunk/Source/WebCore/ChangeLog	2021-12-11 15:33:16 UTC (rev 286911)
+++ trunk/Source/WebCore/ChangeLog	2021-12-11 16:55:07 UTC (rev 286912)
@@ -1,3 +1,20 @@
+2021-12-11  Mark Lam  <[email protected]>
+
+        WebCore::createDOMException() should abort early if termination is pending.
+        https://bugs.webkit.org/show_bug.cgi?id=234190
+
+        Reviewed by Darin Adler.
+
+        Attempting to create Error objects may re-enter the VM, which we should not do
+        when termination is pending.
+
+        This issue manifested as an ASSERT failure, and was discovered while running
+        http/wpt/fetch/ layout tests with a Debug build on an M1 Mac.  It also manifested
+        on some testing bots.
+
+        * bindings/js/JSDOMExceptionHandling.cpp:
+        (WebCore::createDOMException):
+
 2021-12-11  Commit Queue  <[email protected]>
 
         Unreviewed, reverting r286893.
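
Review bot: the ChangeLog entry added at the top of this hunk says the problem "manifested as an ASSERT failure" under http/wpt/fetch/ but names neither the assertion that fired nor a specific test, and it has no line saying whether any test covers the change. Naming the failing assertion and at least one test under http/wpt/fetch/ that reproduces it would let someone confirm the fix later or recognise a regression.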

Modified: trunk/Source/WebCore/bindings/js/JSDOMExceptionHandling.cpp (286911 => 286912)


--- trunk/Source/WebCore/bindings/js/JSDOMExceptionHandling.cpp	2021-12-11 15:33:16 UTC (rev 286911)
+++ trunk/Source/WebCore/bindings/js/JSDOMExceptionHandling.cpp	2021-12-11 16:55:07 UTC (rev 286912)
@@ -140,6 +140,10 @@
 
 JSValue createDOMException(JSGlobalObject* lexicalGlobalObject, ExceptionCode ec, const String& message)
 {
+    VM& vm = lexicalGlobalObject->vm();
+    if (UNLIKELY(vm.hasPendingTerminationException()))
+        return jsUndefined();
+
     switch (ec) {
     case ExistingExceptionError:
         return jsUndefined();
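
Review bot: the early return added at the top of createDOMException() has no comment saying why jsUndefined() is the right result, and it returns the same value as the existing `case ExistingExceptionError:` path just below it, so a reader of the code alone cannot tell the two conditions apart. A one-line comment above `if (UNLIKELY(vm.hasPendingTerminationException()))` stating that creating the Error object may re-enter the VM, as the log message puts it, would keep the rationale with the code. It is also worth confirming that callers which receive jsUndefined() from this path do not go on to do further VM work. The change set touches only the ChangeLog and this file, so no regression test accompanies the fix.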
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
