[webkit-changes] [WebKit/WebKit] ddd9cb: [JSC] Throw OOM error if constructArrayNegativeInd...

Commit Queue Fri, 25 Aug 2023 14:29:17 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ddd9cbc5f5a7def601a5abb74cb0d8ea5f6a4585
      
https://github.com/WebKit/WebKit/commit/ddd9cbc5f5a7def601a5abb74cb0d8ea5f6a4585
  Author: Alexey Shvayka <ashva...@apple.com>
  Date:   2023-08-25 (Fri, 25 Aug 2023)


  Changed paths:
    M Source/JavaScriptCore/runtime/JSArray.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h

  Log Message:
  -----------
  [JSC] Throw OOM error if constructArrayNegativeIndexed() fails to allocate
https://bugs.webkit.org/show_bug.cgi?id=260559
<rdar://114202373>

Reviewed by Mark Lam.

This change leverages AllocationFailureMode to throw an OOM error if 
constructArrayNegativeIndexed()
fails to allocate an array, which does happen in the wild (iOS apps).

All clients of constructArrayNegativeIndexed() were updated to correctly handle 
thrown exception.

* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::constructArray):
(JSC::constructArrayNegativeIndexed):
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::constructArrayNegativeIndexed):

Canonical link: https://commits.webkit.org/267300@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] ddd9cb: [JSC] Throw OOM error if constructArrayNegativeInd...

Reply via email to