Changeset 162752 in webkit

Timestamp:

Jan 24, 2014, 7:15:13 PM (11 years ago)

Author:

mark.lam@apple.com

Message:

DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
<​https://webkit.org/b/127600>

Reviewed by Oliver Hunt.

In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
is passed in is bad, it will fail to create an Executable i.e.
EvalExecutable::create() returns a null pointer. However,
DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
exception and proceeded to execute the null pointer as an Executable.
A crash ensues.

Now, if an exception is detected while creating the Executable, we
abort instead.

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::evaluateWithCallFrame):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• debugger/DebuggerCallFrame.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2014-01-24  Mark Lam  <mark.lam@apple.com>
+
+        DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
+        <https://webkit.org/b/127600>
+
+        Reviewed by Oliver Hunt.
+
+        In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
+        is passed in is bad, it will fail to create an Executable i.e.
+        EvalExecutable::create() returns a null pointer. However,
+        DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
+        exception and proceeded to execute the null pointer as an Executable.
+        A crash ensues.
+
+        Now, if an exception is detected while creating the Executable, we
+        abort instead.
+
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluateWithCallFrame):
+
 2014-01-24  Oliver Hunt  <oliver@apple.com>
 

trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

@@ -155 +155 @@
         exception = vm.exception();
         vm.clearException();
+        return jsUndefined();
     }