Changeset 251403 in webkit
- Timestamp:
- Oct 21, 2019, 5:51:26 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/missing-exception-check-in-josn-stringifier.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/JSONObject.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
TabularUnified trunk/JSTests/ChangeLog ¶
r251394 r251403 1 2019-10-21 Mark Lam <mark.lam@apple.com> 2 3 Fix missing exception check in JSON Stringifier. 4 https://bugs.webkit.org/show_bug.cgi?id=203227 5 <rdar://problem/56459854> 6 7 Reviewed by Keith Miller. 8 9 * stress/missing-exception-check-in-josn-stringifier.js: Added. 10 1 11 2019-10-21 Saam Barati <sbarati@apple.com> 2 12 -
TabularUnified trunk/Source/JavaScriptCore/ChangeLog ¶
r251400 r251403 1 2019-10-21 Mark Lam <mark.lam@apple.com> 2 3 Fix missing exception check in JSON Stringifier. 4 https://bugs.webkit.org/show_bug.cgi?id=203227 5 <rdar://problem/56459854> 6 7 Reviewed by Keith Miller. 8 9 * runtime/JSONObject.cpp: 10 (JSC::Stringifier::Stringifier): 11 1 12 2019-10-21 Mark Lam <mark.lam@apple.com> 2 13 -
TabularUnified trunk/Source/JavaScriptCore/runtime/JSONObject.cpp ¶
r251394 r251403 238 238 if (isArrayReplacer) { 239 239 m_usingArrayReplacer = true; 240 unsigned length = replacerObject->get(exec, vm.propertyNames->length).toUInt32(exec); 240 JSValue lengthValue = replacerObject->get(exec, vm.propertyNames->length); 241 RETURN_IF_EXCEPTION(scope, ); 242 unsigned length = lengthValue.toUInt32(exec); 241 243 RETURN_IF_EXCEPTION(scope, ); 242 244 for (unsigned i = 0; i < length; ++i) {
Note:
See TracChangeset
for help on using the changeset viewer.
