Changeset 208741 in webkit


Ignore:
Timestamp:
Nov 15, 2016 11:44:59 AM (7 years ago)
Author:
mark.lam@apple.com
Message:

The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
https://bugs.webkit.org/show_bug.cgi?id=164781
<rdar://problem/28418590>

Reviewed by Geoffrey Garen and Michael Saboff.

JSTests:

  • stress/jsc-setImpureGetterDelegate-on-bad-type.js: Added.

Source/JavaScriptCore:

  • jsc.cpp:

(functionSetImpureGetterDelegate):

Location:
trunk
Files:
1 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/JSTests/ChangeLog

    r208738 r208741  
     12016-11-15  Mark Lam  <mark.lam@apple.com>
     2
     3        The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
     4        https://bugs.webkit.org/show_bug.cgi?id=164781
     5        <rdar://problem/28418590>
     6
     7        Reviewed by Geoffrey Garen and Michael Saboff.
     8
     9        * stress/jsc-setImpureGetterDelegate-on-bad-type.js: Added.
     10
    1112016-11-15  Yusuke Suzuki  <utatane.tea@gmail.com>
    212

  • trunk/Source/JavaScriptCore/ChangeLog

    r208738 r208741  
     12016-11-15  Mark Lam  <mark.lam@apple.com>
     2
     3        The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
     4        https://bugs.webkit.org/show_bug.cgi?id=164781
     5        <rdar://problem/28418590>
     6
     7        Reviewed by Geoffrey Garen and Michael Saboff.
     8
     9        * jsc.cpp:
     10        (functionSetImpureGetterDelegate):
     11
    1122016-11-15  Yusuke Suzuki  <utatane.tea@gmail.com>
    213

  • trunk/Source/JavaScriptCore/jsc.cpp

    r208738 r208741  
    17511751EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(ExecState* exec)
    17521752{
    1753     JSLockHolder lock(exec);
     1753    VM& vm = exec->vm();
     1754    JSLockHolder lock(vm);
     1755    auto scope = DECLARE_THROW_SCOPE(vm);
     1756
    17541757    JSValue base = exec->argument(0);
    17551758    if (!base.isObject())
     
    17581761    if (!delegate.isObject())
    17591762        return JSValue::encode(jsUndefined());
    1760     ImpureGetter* impureGetter = jsCast<ImpureGetter*>(asObject(base.asCell()));
    1761     impureGetter->setDelegate(exec->vm(), asObject(delegate.asCell()));
     1763    ImpureGetter* impureGetter = jsDynamicCast<ImpureGetter*>(asObject(base.asCell()));
     1764    if (UNLIKELY(!impureGetter)) {
     1765        throwTypeError(exec, scope, ASCIILiteral("argument is not an ImpureGetter"));
     1766        return encodedJSValue();
     1767    }
     1768    impureGetter->setDelegate(vm, asObject(delegate.asCell()));
    17621769    return JSValue::encode(jsUndefined());
    17631770}
Note: See TracChangeset for help on using the changeset viewer.