Title: [295659] trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
- Revision: 295659
- Author: [email protected]
- Date: 2022-06-18 03:00:32 -0700 (Sat, 18 Jun 2022)
Log Message
REGRESSION (251613@main): Missing exception check in JSFunction::put()
https://bugs.webkit.org/show_bug.cgi?id=241727
Unreviewed follow-up fix.
Adds exception check after reifyLazyPropertyIfNeeded() since it may throw.
* Source/JavaScriptCore/runtime/JSFunction.cpp:
(JSC::JSFunction::put):
Canonical link: https://commits.webkit.org/251664@main
Diff
Modified: trunk/Source/JavaScriptCore/runtime/JSFunction.cpp (295658 => 295659)
--- trunk/Source/_javascript_Core/runtime/JSFunction.cpp 2022-06-18 06:46:29 UTC (rev 295658)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.cpp 2022-06-18 10:00:32 UTC (rev 295659)
@@ -397,6 +397,7 @@
}
PropertyStatus propertyType = thisObject->reifyLazyPropertyIfNeeded(vm, globalObject, propertyName);
+ RETURN_IF_EXCEPTION(scope, false);
if (isLazy(propertyType))
slot.disableCaching();
RELEASE_AND_RETURN(scope, Base::put(thisObject, globalObject, propertyName, value, slot));
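Review bot: The added RETURN_IF_EXCEPTION(scope, false) after reifyLazyPropertyIfNeeded() has no test behind it: this revision modifies only JSFunction.cpp, and the log marks it as an unreviewed follow-up to a regression. Please add a regression test that drives JSFunction::put() through a throwing reifyLazyPropertyIfNeeded(), so that the early return is exercised and the check cannot be dropped again unnoticed. Because a missing check here lets isLazy(propertyType) and Base::put() run with an exception still pending, it is also worth confirming in the same pass that every other call to reifyLazyPropertyIfNeeded() is followed by an exception check.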