WebKit Bugzilla
Attachment 348454 Details for Bug 189132: Add some missing exception checks in JSRopeString::resolveRopeToAtomicString().
[patch] proposed patch.
bug-189132.patch (text/plain), 3.36 KB, created by Mark Lam on 2018-08-29 17:26:30 PDT
>Index: JSTests/ChangeLog >=================================================================== >--- JSTests/ChangeLog (revision 235488) >+++ JSTests/ChangeLog (working copy) >@@ -1,3 +1,13 @@ >+2018-08-29 Mark Lam <mark.lam@apple.com> >+ >+ Add some missing exception checks in JSRopeString::resolveRopeToAtomicString(). >+ https://bugs.webkit.org/show_bug.cgi?id=189132 >+ <rdar://problem/42513068> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/regress-189132.js: Added. >+ > 2018-08-27 Yusuke Suzuki <yusukesuzuki@slowstart.org> > > [WebAssembly] Parse wasm modules in a streaming fashion >Index: JSTests/stress/regress-189132.js >=================================================================== >--- JSTests/stress/regress-189132.js (nonexistent) >+++ JSTests/stress/regress-189132.js (working copy) >@@ -0,0 +1,12 @@ >+try { >+ var a0 = '\ud801'; >+ var a1 = []; >+ a2 = a0.padEnd(2147483644,'x'); >+ a1[a2]; >+} catch (e) { >+ exception = e; >+} >+ >+if (exception != "Error: Out of memory") >+ throw "FAILED"; >+ >Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 235488) >+++ Source/JavaScriptCore/ChangeLog (working copy) 
>@@ -1,3 +1,16 @@ >+2018-08-29 Mark Lam <mark.lam@apple.com> >+ >+ Add some missing exception checks in JSRopeString::resolveRopeToAtomicString(). >+ https://bugs.webkit.org/show_bug.cgi?id=189132 >+ <rdar://problem/42513068> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * runtime/JSCJSValueInlines.h: >+ (JSC::JSValue::toPropertyKey const): >+ * runtime/JSString.cpp: >+ (JSC::JSRopeString::resolveRopeToAtomicString const): >+ > 2018-08-29 Commit Queue <commit-queue@webkit.org> > > Unreviewed, rolling out r235432 and r235436. >Index: Source/JavaScriptCore/runtime/JSCJSValueInlines.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSCJSValueInlines.h (revision 235449) >+++ Source/JavaScriptCore/runtime/JSCJSValueInlines.h (working copy) >@@ -649,13 +649,17 @@ ALWAYS_INLINE Identifier JSValue::toProp > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- if (isString()) >+ if (isString()) { >+ scope.release(); > return asString(*this)->toIdentifier(exec); >+ } > > JSValue primitive = toPrimitive(exec, PreferString); > RETURN_IF_EXCEPTION(scope, vm.propertyNames->emptyIdentifier); >- if (primitive.isSymbol()) >+ if (primitive.isSymbol()) { >+ scope.release(); > return Identifier::fromUid(asSymbol(primitive)->privateName()); >+ } > scope.release(); > return primitive.toString(exec)->toIdentifier(exec); > } >Index: Source/JavaScriptCore/runtime/JSString.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/JSString.cpp (revision 235449) >+++ Source/JavaScriptCore/runtime/JSString.cpp (working copy) 
>@@ -178,8 +178,12 @@ void JSRopeString::resolveRopeInternal16 > > void JSRopeString::resolveRopeToAtomicString(ExecState* exec) const > { >+ VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); >+ > if (length() > maxLengthForOnStackResolve) { > resolveRope(exec); >+ RETURN_IF_EXCEPTION(scope, void()); > m_value = AtomicString(m_value); > setIs8Bit(m_value.impl()->is8Bit()); > return;
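Review bot: In JSTests/stress/regress-189132.js, `exception` is assigned only inside the `catch` block and is never declared, so if the `padEnd` / `a1[a2]` sequence ever completes without throwing, the final `if (exception != "Error: Out of memory")` raises a ReferenceError instead of reaching the intended `throw "FAILED"`. Declare `var exception;` ahead of the `try` (and give `a2` a `var` as well) so the test fails through its own explicit check.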
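Review bot: The Source/JavaScriptCore/ChangeLog entry lists `JSC::JSValue::toPropertyKey const` and `JSC::JSRopeString::resolveRopeToAtomicString const` with no text after either, so the log does not record which call was going unchecked or why `toPropertyKey` had to change alongside it. Add a line per function, for example that `resolveRope(exec)` can throw the out-of-memory error the new test expects and that its result was previously used without a check.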
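Review bot: In `JSValue::toPropertyKey`, the `scope.release()` added to the `primitive.isSymbol()` branch sits in front of `Identifier::fromUid(asSymbol(primitive)->privateName())`, which is not passed `exec` and comes right after a `RETURN_IF_EXCEPTION`, so it is unclear what exception is being handed to the caller on that path. If nothing in that expression can throw, drop that release and keep the one in the `isString()` branch, where `toIdentifier(exec)` does take `exec`; if something can throw, a short comment naming it would help the next reader.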
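Review bot: In `JSRopeString::resolveRopeToAtomicString`, the new `RETURN_IF_EXCEPTION(scope, void())` returns before `m_value = AtomicString(m_value)` and `setIs8Bit(...)`, so on failure the function exits with the string not atomized and, being `void`, reports that only through the pending exception. Document that contract at the function and confirm that every caller checks for an exception before using the result. The visible hunk adds the check only on the `length() > maxLengthForOnStackResolve` path, so the remainder of the function deserves the same look.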
Flags: saam: review+