Changeset 196745 in webkit
- Timestamp:
- Feb 17, 2016 10:28:26 PM (8 years ago)
- Location:
- trunk/Source
- Files:
-
- 8 edited
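--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,35 @@
+2016-02-17 Mark Lam <mark.lam@apple.com>
+
+        Callers of JSString::value() should check for exceptions thereafter.
+        https://bugs.webkit.org/show_bug.cgi?id=154346
+
+        Reviewed by Geoffrey Garen.
+
+        JSString::value() can throw an exception if the JS string is a rope and value()
+        needs to resolve the rope but encounters an OutOfMemory error. If value() is not
+        able to resolve the rope, it will return a null string (in addition to throwing
+        the exception). If a caller does not check for exceptions after calling
+        JSString::value(), they may eventually use the returned null string and crash the
+        VM.
+
+        The fix is to add all the necessary exception checks, and do the appropriate
+        handling if needed.
+
+        * jsc.cpp:
+        (functionRun):
+        (functionLoad):
+        (functionReadFile):
+        (functionCheckSyntax):
+        (functionLoadWebAssembly):
+        (functionLoadModule):
+        (functionCheckModuleSyntax):
+        * runtime/DateConstructor.cpp:
+        (JSC::dateParse):
+        (JSC::dateNow):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * tools/JSDollarVMPrototype.cpp:
+        (JSC::functionPrint):
+
 2016-02-17 Benjamin Poulain <bpoulain@apple.com>
 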
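--- a/trunk/Source/JavaScriptCore/jsc.cpp
+++ b/trunk/Source/JavaScriptCore/jsc.cpp
@@ -1244,4 +1244,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> script;
     if (!fetchScriptFromLocalFileSystem(fileName, script))
@@ -1273,4 +1275,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> script;
     if (!fetchScriptFromLocalFileSystem(fileName, script))
@@ -1289,4 +1293,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> script;
     if (!fillBufferWithContentsOfFile(fileName, script))
@@ -1299,4 +1305,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> script;
     if (!fetchScriptFromLocalFileSystem(fileName, script))
@@ -1566,4 +1574,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> buffer;
     if (!fillBufferWithContentsOfFile(fileName, buffer))
@@ -1585,4 +1595,6 @@
 {
     String fileName = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
     Vector<char> script;
     if (!fetchScriptFromLocalFileSystem(fileName, script))
@@ -1609,4 +1621,6 @@
 {
     String source = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
 
     StopWatch stopWatch;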
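Review bot: The same two-line check is inserted at seven sites (new lines 1246, 1277, 1295, 1307, 1576, 1597 and 1623) with no comment at any of them, and the check covers more than the ChangeLog states: `exec->hadException()` is also set when `toString(exec)` itself throws (presumably possible for a non-string argument whose conversion runs script), not only when `value()` fails to resolve a rope. A one-line comment at the first site would record the intent for the next reader, e.g. `// toString() or value() may have thrown (e.g. OOM while resolving a rope); fileName is null in that case.` Each enclosing function begins before and ends after its hunk, so the later uses of fileName/source are not visible here.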
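--- a/trunk/Source/JavaScriptCore/runtime/DateConstructor.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/DateConstructor.cpp
@@ -206,5 +206,8 @@
 EncodedJSValue JSC_HOST_CALL dateParse(ExecState* exec)
 {
-    return JSValue::encode(jsNumber(parseDate(exec->vm(), exec->argument(0).toString(exec)->value(exec))));
+    String dateStr = exec->argument(0).toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
+    return JSValue::encode(jsNumber(parseDate(exec->vm(), dateStr)));
 }
 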
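Review bot: `dateStr` at new line 208 is an abbreviation; WebKit's style guidelines ask for full words in identifiers, so `dateString` would match the surrounding code (style only, behaviour is unaffected). Separately, the JavaScriptCore ChangeLog entry for this file also lists `(JSC::dateNow)`, but the section shown here changes only `dateParse`; either that hunk is not displayed or the ChangeLog entry is stale, which is worth confirming before landing.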
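--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
@@ -575,4 +575,6 @@
 
     String s = x.toString(exec)->value(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
 
     if (s.is8Bit()) {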
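--- a/trunk/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp
+++ b/trunk/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp
@@ -304,5 +304,8 @@
         if (i)
             dataLog(" ");
-        dataLog(exec->uncheckedArgument(i).toString(exec)->value(exec));
+        String argStr = exec->uncheckedArgument(i).toString(exec)->value(exec);
+        if (exec->hadException())
+            return JSValue::encode(jsUndefined());
+        dataLog(argStr);
     }
     return JSValue::encode(jsUndefined());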
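Review bot: `argStr` at new line 306 is an abbreviation; `argumentString` would follow WebKit's full-word naming convention (style only). Note also that when the check at line 307 fires, the separator from `dataLog(" ")` at line 305 and every earlier argument have already been written, so the log output stops mid-line with the exception left pending; that is acceptable for a debugging helper, but a short comment such as `// Bail out with the exception pending; earlier arguments have already been logged.` would make the partial output intentional rather than surprising. The loop header is outside the hunk.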
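--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,20 @@
+2016-02-17 Mark Lam <mark.lam@apple.com>
+
+        Callers of JSString::value() should check for exceptions thereafter.
+        https://bugs.webkit.org/show_bug.cgi?id=154346
+
+        Reviewed by Geoffrey Garen.
+
+        No new tests. The crash that results from this issue is dependent on a race
+        condition where an OutOfMemory error occurs precisely at the point where the
+        JSString::value() function is called on a rope JSString.
+
+        * bindings/js/JSHTMLAllCollectionCustom.cpp:
+        (WebCore::callHTMLAllCollection):
+        * bindings/js/JSStorageCustom.cpp:
+        (WebCore::JSStorage::putDelegate):
+        - Added a comment at the site of the exception check to clarify the meaning of
+        the return value.
+
 2016-02-17 David Kilzer <ddkilzer@apple.com>
 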
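--- a/trunk/Source/WebCore/bindings/js/JSHTMLAllCollectionCustom.cpp
+++ b/trunk/Source/WebCore/bindings/js/JSHTMLAllCollectionCustom.cpp
@@ -66,4 +66,6 @@
         // Support for document.all(<index>) etc.
         String string = exec->argument(0).toString(exec)->value(exec);
+        if (exec->hadException())
+            return JSValue::encode(jsUndefined());
         if (Optional<uint32_t> index = parseIndex(*string.impl()))
             return JSValue::encode(toJS(exec, jsCollection->globalObject(), collection.item(index.value())));
@@ -75,4 +77,6 @@
         // The second arg, if set, is the index of the item we want
         String string = exec->argument(0).toString(exec)->value(exec);
+        if (exec->hadException())
+            return JSValue::encode(jsUndefined());
         if (Optional<uint32_t> index = parseIndex(*exec->argument(1).toWTFString(exec).impl())) {
             if (auto* item = collection.namedItemWithIndex(string, index.value()))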
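Review bot: In the second hunk the new check at line 79 guards only `argument(0)`; the very next line, 81, still converts `exec->argument(1).toWTFString(exec)` and dereferences its `impl()` inline, and that conversion presumably goes through the same `toString()->value()` path this commit is hardening, so an exception there is neither detected nor stops `namedItemWithIndex` from running with a pending exception. The same pattern would apply: `String indexString = exec->argument(1).toWTFString(exec);` followed by `if (exec->hadException()) return JSValue::encode(jsUndefined());` and then `if (Optional<uint32_t> index = parseIndex(*indexString.impl())) {`. The enclosing callHTMLAllCollection begins before the first hunk and ends after the second.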
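--- a/trunk/Source/WebCore/bindings/js/JSStorageCustom.cpp
+++ b/trunk/Source/WebCore/bindings/js/JSStorageCustom.cpp
@@ -115,6 +115,11 @@
 
     String stringValue = value.toString(exec)->value(exec);
-    if (exec->hadException())
+    if (exec->hadException()) {
+        // The return value indicates whether putDelegate() should handle the put operation (which
+        // if true, tells the caller not to execute the generic put). It does not indicate whether
+        // putDelegate() did successfully complete the operation or not (which it didn't in this
+        // case due to the exception).
         return true;
+    }
 
     ExceptionCode ec = 0;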
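Review bot: The four-line comment added at new lines 118–121 documents the contract of putDelegate()'s return value as a whole rather than anything specific to this branch, so it would serve readers better placed once at the function's definition (or its declaration), with a one-liner left here, e.g. `// Returning true only means the put was handled; the pending exception reports the failure.` The function's signature and the rest of its body are outside the hunk, so the best home for the contract comment cannot be pointed to from here.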