Changeset 196300 in webkit
- Timestamp: Feb 8, 2016 7:31:11 PM (8 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r196286 r196300 1 2016-02-08 Saam Barati <sbarati@apple.com> 2 3 runtimeTypeForValue should protect against seeing TDZ value 4 https://bugs.webkit.org/show_bug.cgi?id=154023 5 6 Reviewed by Michael Saboff. 7 8 There are a few back traces I've seen from crashes that bottom out 9 inside runtimeTypeForValue. I haven't been able to reproduce 10 any such crash, but it's likely that we're encountering the 11 empty JSValue. It's better to just have this function protect 12 against seeing the empty value instead of dereferencing a null 13 pointer when it thinks the value is a cell. 14 15 * runtime/RuntimeType.cpp: 16 (JSC::runtimeTypeForValue): 17 1 18 2016-02-08 Andreas Kling <akling@apple.com> 2 19 -
trunk/Source/JavaScriptCore/runtime/RuntimeType.cpp
r182114 r196300 1 1 /* 2 * Copyright (C) 2015 Apple Inc. All rights reserved.2 * Copyright (C) 2015-2016 Apple Inc. All rights reserved. 3 3 * Copyright (C) Saam Barati <saambarati1@gmail.com>. All rights reserved. 4 4 * … … 36 36 RuntimeType runtimeTypeForValue(JSValue value) 37 37 { 38 if (UNLIKELY(!value)) 39 return TypeNothing; 40 38 41 if (value.isUndefined()) 39 42 return TypeUndefined;
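Review bot: The new `if (UNLIKELY(!value)) return TypeNothing;` guard at the top of `runtimeTypeForValue` carries no comment saying which value it protects against or why that value can reach this function. The ChangeLog ties it to the empty JSValue and the title to a TDZ value, but a reader of RuntimeType.cpp alone will not see that, so a one-line comment above the check would help. The ChangeLog also says the crash was never reproduced, and the changeset touches only the ChangeLog and RuntimeType.cpp, so nothing exercises the new path. A regression test that passes an empty value through this function would confirm the guard is hit and that returning `TypeNothing` is what callers expect, rather than the empty value being treated as an observed type.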