Changeset 275361 in webkit

Timestamp:

Apr 1, 2021 8:35:21 AM (3 years ago)

Author:

mark.lam@apple.com

Message:

Fix some missing exception checks in HTMLMediaElement methods.
​https://bugs.webkit.org/show_bug.cgi?id=224038
rdar://69573092

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/missing-exception-checks-in-HTMLMediaElement-methods.html

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setupAndCallJS):
(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
(WebCore::HTMLMediaElement::setControllerJSProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

LayoutTests:

• media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt: Added.
• media/missing-exception-checks-in-HTMLMediaElement-methods.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt (added)
• LayoutTests/media/missing-exception-checks-in-HTMLMediaElement-methods.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/html/HTMLMediaElement.cpp (modified) (12 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-04-01  Mark Lam  <mark.lam@apple.com>
+
+        Fix some missing exception checks in HTMLMediaElement methods.
+        https://bugs.webkit.org/show_bug.cgi?id=224038
+        rdar://69573092
+
+        Reviewed by Eric Carlson.
+
+        * media/missing-exception-checks-in-HTMLMediaElement-methods-expected.txt: Added.
+        * media/missing-exception-checks-in-HTMLMediaElement-methods.html: Added.
+
 2021-04-01  Devin Rousso  <drousso@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-04-01  Mark Lam  <mark.lam@apple.com>
+
+        Fix some missing exception checks in HTMLMediaElement methods.
+        https://bugs.webkit.org/show_bug.cgi?id=224038
+        rdar://69573092
+
+        Reviewed by Eric Carlson.
+
+        Test: media/missing-exception-checks-in-HTMLMediaElement-methods.html
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::setupAndCallJS):
+        (WebCore::HTMLMediaElement::updateCaptionContainer):
+        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
+        (WebCore::HTMLMediaElement::setControllerJSProperty):
+        (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
+        (WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
+        (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
+
 2021-04-01  Jean-Yves Avenard  <jya@apple.com>
 

trunk/Source/WebCore/html/HTMLMediaElement.cpp

@@ -4312 +4312 @@
     auto& vm = globalObject->vm();
     JSC::JSLockHolder lock(vm);
-    auto scope = DECLARE_THROW_SCOPE(vm);
     auto* lexicalGlobalObject = globalObject;
-
-    RETURN_IF_EXCEPTION(scope, false);
-
     return task(*globalObject, *lexicalGlobalObject, scriptController, world);
 }
@@ -4336 +4332 @@
         auto& vm = globalObject.vm();
         auto scope = DECLARE_CATCH_SCOPE(vm);
+
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* controllerObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, controllerValue);
         if (!controllerObject)
@@ -4348 +4354 @@
         //     None
         auto methodValue = controllerObject->get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "updateCaptionContainer"));
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* methodObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, methodValue);
         if (!methodObject)
@@ -4359 +4367 @@
         ASSERT(!noArguments.hasOverflowed());
         JSC::call(&lexicalGlobalObject, methodObject, callData, controllerObject, noArguments);
-        scope.clearException();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
 
         m_haveSetUpCaptionContainer = true;
@@ -7157 +7165 @@
         auto scope = DECLARE_CATCH_SCOPE(vm);
 
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto functionValue = globalObject.get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "createControls"));
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
         if (functionValue.isCallable(vm))
             return true;
@@ -7165 +7181 @@
                 continue;
             scriptController.evaluateInWorldIgnoringException(ScriptSourceCode(mediaControlsScript), world);
-            if (UNLIKELY(scope.exception())) {
-                auto* exception = scope.exception();
-                scope.clearException();
-                reportException(&globalObject, exception);
-                return false;
-            }
+            RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
         }
 
@@ -7200 +7211 @@
     setupAndCallJS([this, propertyName, propertyValue](JSDOMGlobalObject& globalObject, JSC::JSGlobalObject& lexicalGlobalObject, ScriptController&, DOMWrapperWorld&) {
         auto& vm = globalObject.vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        EXCEPTION_ASSERT_UNUSED(scope, !scope.exception() || controllerValue.isNull());
         if (controllerValue.isNull())
             return false;
@@ -7209 +7223 @@
             return false;
 
+        scope.release();
         controllerObject->methodTable(vm)->put(controllerObject, &lexicalGlobalObject, JSC::Identifier::fromString(vm, propertyName), propertyValue, propertySlot);
 
@@ -7257 +7272 @@
             return false;
 
+        auto reportExceptionAndReturnFalse = [&] () -> bool {
+            auto* exception = scope.exception();
+            scope.clearException();
+            reportException(&globalObject, exception);
+            return false;
+        };
+
         auto controllerValue = JSC::call(&lexicalGlobalObject, function, callData, &globalObject, argList);
-        scope.clearException();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         auto* controllerObject = JSC::jsDynamicCast<JSC::JSObject*>(vm, controllerValue);
         if (!controllerObject)
@@ -7283 +7306 @@
 
         updatePageScaleFactorJSProperty();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
+
         updateUsesLTRUserInterfaceLayoutDirectionJSProperty();
-
-        if (UNLIKELY(scope.exception()))
-            scope.clearException();
+        RETURN_IF_EXCEPTION(scope, reportExceptionAndReturnFalse());
 
         return true;
@@ -7318 +7341 @@
 
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, false);
         auto* controllerObject = controllerValue.toObject(&lexicalGlobalObject);
-
         RETURN_IF_EXCEPTION(scope, false);
 
@@ -7362 +7385 @@
 
         auto controllerValue = controllerJSValue(lexicalGlobalObject, globalObject, *this);
+        RETURN_IF_EXCEPTION(scope, false);
         auto* controllerObject = controllerValue.toObject(&lexicalGlobalObject);
-
         RETURN_IF_EXCEPTION(scope, false);