Title: [197862] trunk/Source/_javascript_Core
- Revision
- 197862
- Author
- [email protected]
- Date
- 2016-03-09 10:10:59 -0800 (Wed, 09 Mar 2016)
Log Message
Harden JSC Root element functions from bad values
https://bugs.webkit.org/show_bug.cgi?id=155234
Reviewed by Saam Barati.
Changed jsCast() to jsDynamicCast() in the Root-related functions to protect against
their being called with non-Root arguments.
* jsc.cpp:
(functionCreateElement):
(functionGetElement):
(functionSetElementRoot):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (197861 => 197862)
--- trunk/Source/_javascript_Core/ChangeLog 2016-03-09 17:51:38 UTC (rev 197861)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-03-09 18:10:59 UTC (rev 197862)
@@ -1,3 +1,18 @@
+2016-03-09 Michael Saboff <[email protected]>
+
+ Harden JSC Root element functions from bad values
+ https://bugs.webkit.org/show_bug.cgi?id=155234
+
+ Reviewed by Saam Barati.
+
+ Changed jsCast() to jsDynamicCast() in Root related function to protect against being
+ called with non-Root arguments.
+
+ * jsc.cpp:
+ (functionCreateElement):
+ (functionGetElement):
+ (functionSetElementRoot):
+
2016-03-09 Benjamin Poulain <[email protected]>
[JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
Modified: trunk/Source/_javascript_Core/jsc.cpp (197861 => 197862)
--- trunk/Source/_javascript_Core/jsc.cpp 2016-03-09 17:51:38 UTC (rev 197861)
+++ trunk/Source/_javascript_Core/jsc.cpp 2016-03-09 18:10:59 UTC (rev 197862)
@@ -1174,23 +1174,29 @@
EncodedJSValue JSC_HOST_CALL functionCreateElement(ExecState* exec)
{
JSLockHolder lock(exec);
- JSValue arg = exec->argument(0);
- return JSValue::encode(Element::create(exec->vm(), exec->lexicalGlobalObject(), arg.isNull() ? nullptr : jsCast<Root*>(exec->argument(0))));
+ Root* root = jsDynamicCast<Root*>(exec->argument(0));
+ if (!root)
+ return JSValue::encode(jsUndefined());
+ return JSValue::encode(Element::create(exec->vm(), exec->lexicalGlobalObject(), root));
}
EncodedJSValue JSC_HOST_CALL functionGetElement(ExecState* exec)
{
JSLockHolder lock(exec);
- Element* result = jsCast<Root*>(exec->argument(0).asCell())->element();
+ Root* root = jsDynamicCast<Root*>(exec->argument(0));
+ if (!root)
+ return JSValue::encode(jsUndefined());
+ Element* result = root->element();
return JSValue::encode(result ? result : jsUndefined());
}
EncodedJSValue JSC_HOST_CALL functionSetElementRoot(ExecState* exec)
{
JSLockHolder lock(exec);
- Element* element = jsCast<Element*>(exec->argument(0));
- Root* root = jsCast<Root*>(exec->argument(1));
- element->setRoot(exec->vm(), root);
+ Element* element = jsDynamicCast<Element*>(exec->argument(0));
+ Root* root = jsDynamicCast<Root*>(exec->argument(1));
+ if (element && root)
+ element->setRoot(exec->vm(), root);
return JSValue::encode(jsUndefined());
}
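Review bot: In functionCreateElement the null case is lost: the removed line passed `nullptr` to Element::create when `arg.isNull()`, but `jsDynamicCast<Root*>` also yields null for a null argument, so the new `if (!root)` returns undefined and a rootless Element can no longer be created through this function. If that path is still wanted, keep the distinction with `JSValue arg = exec->argument(0);`, `Root* root = jsDynamicCast<Root*>(arg);` and `if (!root && !arg.isNull()) return JSValue::encode(jsUndefined());`. If rejecting null is intended, a one-line comment saying so would spare the next reader the comparison with the old code. functionSetElementRoot returns undefined whether or not setRoot ran, so a caller passing the wrong type gets no signal; a comment such as `// Arguments of the wrong type are ignored instead of being cast unchecked.` would document that choice.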