Changeset 248802 in webkit

Timestamp:

Aug 16, 2019 4:49:27 PM (5 years ago)

Author:

mark.lam@apple.com

Message:

More missing exception checks in string comparison operators.
​https://bugs.webkit.org/show_bug.cgi?id=200844
<rdar://problem/54378684>

Reviewed by Saam Barati.

JSTests:

• stress/missing-exception-check-in-string-greater-than-compare.js: Added.
• stress/missing-exception-check-in-string-greater-than-or-equal-compare.js: Added.
• stress/missing-exception-check-in-string-less-than-compare.js: Added.
• stress/missing-exception-check-in-string-less-than-or-equal-compare.js: Added.

Source/JavaScriptCore:

• runtime/Operations.h:

(JSC::jsLess):
(JSC::jsLessEq):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/missing-exception-check-in-string-greater-than-compare.js (added)
• JSTests/stress/missing-exception-check-in-string-greater-than-or-equal-compare.js (added)
• JSTests/stress/missing-exception-check-in-string-less-than-compare.js (added)
• JSTests/stress/missing-exception-check-in-string-less-than-or-equal-compare.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/runtime/Operations.h (modified) (3 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2019-08-16  Mark Lam  <mark.lam@apple.com>
+
+        More missing exception checks in string comparison operators.
+        https://bugs.webkit.org/show_bug.cgi?id=200844
+        <rdar://problem/54378684>
+
+        Reviewed by Saam Barati.
+
+        * stress/missing-exception-check-in-string-greater-than-compare.js: Added.
+        * stress/missing-exception-check-in-string-greater-than-or-equal-compare.js: Added.
+        * stress/missing-exception-check-in-string-less-than-compare.js: Added.
+        * stress/missing-exception-check-in-string-less-than-or-equal-compare.js: Added.
+
 2019-08-16  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-08-16  Mark Lam  <mark.lam@apple.com>
+
+        More missing exception checks in string comparison operators.
+        https://bugs.webkit.org/show_bug.cgi?id=200844
+        <rdar://problem/54378684>
+
+        Reviewed by Saam Barati.
+
+        * runtime/Operations.h:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+
 2019-08-16  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/runtime/Operations.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- *  Copyright (C) 2002-2018 Apple Inc. All rights reserved.
+ *  Copyright (C) 2002-2019 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -353 +353 @@
         return v1.asNumber() < v2.asNumber();
 
-    if (isJSString(v1) && isJSString(v2))
-        return codePointCompareLessThan(asString(v1)->value(callFrame), asString(v2)->value(callFrame));
+    if (isJSString(v1) && isJSString(v2)) {
+        String s1 = asString(v1)->value(callFrame);
+        RETURN_IF_EXCEPTION(scope, false);
+        String s2 = asString(v2)->value(callFrame);
+        RETURN_IF_EXCEPTION(scope, false);
+        return codePointCompareLessThan(s1, s2);
+    }
 
     double n1;
@@ -398 +403 @@
         return v1.asNumber() <= v2.asNumber();
 
-    if (isJSString(v1) && isJSString(v2))
-        return !codePointCompareLessThan(asString(v2)->value(callFrame), asString(v1)->value(callFrame));
+    if (isJSString(v1) && isJSString(v2)) {
+        String s1 = asString(v1)->value(callFrame);
+        RETURN_IF_EXCEPTION(scope, false);
+        String s2 = asString(v2)->value(callFrame);
+        RETURN_IF_EXCEPTION(scope, false);
+        return !codePointCompareLessThan(s2, s1);
+    }
 
     double n1;