Changeset 235491 in webkit


Ignore:
Timestamp:
Aug 29, 2018, 6:20:20 PM (7 years ago)
Author:
mark.lam@apple.com
Message:

Add some missing exception checks in JSRopeString::resolveRopeToAtomicString().
https://bugs.webkit.org/show_bug.cgi?id=189132
<rdar://problem/42513068>

Reviewed by Saam Barati.

JSTests:

  • stress/regress-189132.js: Added.

Source/JavaScriptCore:

  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::toPropertyKey const):

  • runtime/JSString.cpp:

(JSC::JSRopeString::resolveRopeToAtomicString const):

Location:
trunk
Files:
1 added
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/JSTests/ChangeLog

    r235420 r235491  
     12018-08-29  Mark Lam  <mark.lam@apple.com>
     2
     3        Add some missing exception checks in JSRopeString::resolveRopeToAtomicString().
     4        https://bugs.webkit.org/show_bug.cgi?id=189132
     5        <rdar://problem/42513068>
     6
     7        Reviewed by Saam Barati.
     8
     9        * stress/regress-189132.js: Added.
     10
    1112018-08-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
    212

  • trunk/Source/JavaScriptCore/ChangeLog

    r235465 r235491  
     12018-08-29  Mark Lam  <mark.lam@apple.com>
     2
     3        Add some missing exception checks in JSRopeString::resolveRopeToAtomicString().
     4        https://bugs.webkit.org/show_bug.cgi?id=189132
     5        <rdar://problem/42513068>
     6
     7        Reviewed by Saam Barati.
     8
     9        * runtime/JSCJSValueInlines.h:
     10        (JSC::JSValue::toPropertyKey const):
     11        * runtime/JSString.cpp:
     12        (JSC::JSRopeString::resolveRopeToAtomicString const):
     13
    1142018-08-29  Commit Queue  <commit-queue@webkit.org>
    215

  • trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h

    r233245 r235491  
    650650    auto scope = DECLARE_THROW_SCOPE(vm);
    651651
    652     if (isString())
     652    if (isString()) {
     653        scope.release();
    653654        return asString(*this)->toIdentifier(exec);
     655    }
    654656
    655657    JSValue primitive = toPrimitive(exec, PreferString);
    656658    RETURN_IF_EXCEPTION(scope, vm.propertyNames->emptyIdentifier);
    657     if (primitive.isSymbol())
     659    if (primitive.isSymbol()) {
     660        scope.release();
    658661        return Identifier::fromUid(asSymbol(primitive)->privateName());
     662    }
    659663    scope.release();
    660664    return primitive.toString(exec)->toIdentifier(exec);

  • trunk/Source/JavaScriptCore/runtime/JSString.cpp

    r233765 r235491  
    179179void JSRopeString::resolveRopeToAtomicString(ExecState* exec) const
    180180{
     181    VM& vm = exec->vm();
     182    auto scope = DECLARE_THROW_SCOPE(vm);
     183
    181184    if (length() > maxLengthForOnStackResolve) {
    182185        resolveRope(exec);
     186        RETURN_IF_EXCEPTION(scope, void());
    183187        m_value = AtomicString(m_value);
    184188        setIs8Bit(m_value.impl()->is8Bit());
Note: See TracChangeset for help on using the changeset viewer.