Changeset 206876 in webkit


Ignore:
Timestamp:
Oct 6, 2016 1:13:50 PM (8 years ago)
Author:
keith_miller@apple.com
Message:

getInternalObjcObject should validate the JSManagedObject's value.
https://bugs.webkit.org/show_bug.cgi?id=162985

Reviewed by Geoffrey Garen.

Previously, if, for instance, the JSManagedObject's weak value had been
cleared we would call tryUnwrapObjcObject with a nil context and value.
This triggered assertions failures as those functions expect their inputs
to be valid.

  • API/JSVirtualMachine.mm:

(getInternalObjcObject):

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/API/JSVirtualMachine.mm

    r204466 r206876  
    133133    if ([object isKindOfClass:[JSManagedValue class]]) {
    134134        JSValue* value = [static_cast<JSManagedValue *>(object) value];
     135        if (!value)
     136            return nil;
    135137        id temp = tryUnwrapObjcObject([value.context JSGlobalContextRef], [value JSValueRef]);
    136138        if (temp)

  • trunk/Source/JavaScriptCore/API/tests/testapi.mm

    r205895 r206876  
    11831183
    11841184    @autoreleasepool {
     1185        static const unsigned count = 100;
     1186        NSMutableArray *array = [NSMutableArray arrayWithCapacity:count];
     1187        JSContext *context = [[JSContext alloc] init];
     1188        @autoreleasepool {
     1189            for (unsigned i = 0; i < count; ++i) {
     1190                JSValue *object = [JSValue valueWithNewObjectInContext:context];
     1191                JSManagedValue *managedObject = [JSManagedValue managedValueWithValue:object];
     1192                [array addObject:managedObject];
     1193            }
     1194        }
     1195        JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]);
     1196        for (unsigned i = 0; i < count; ++i)
     1197            [context.virtualMachine addManagedReference:array[i] withOwner:array];
     1198    }
     1199
     1200    @autoreleasepool {
    11851201        TestObject *testObject = [TestObject testObject];
    11861202        JSManagedValue *managedTestObject;

  • trunk/Source/JavaScriptCore/ChangeLog

    r206875 r206876  
     12016-10-06  Keith Miller  <keith_miller@apple.com>
     2
     3        getInternalObjcObject should validate the JSManagedObject's value.
     4        https://bugs.webkit.org/show_bug.cgi?id=162985
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        Previously, if, for instance, the JSManagedObject's weak value had been
     9        cleared we would call tryUnwrapObjcObject with a nil context and value.
     10        This triggered assertions failures as those functions expect their inputs
     11        to be valid.
     12
     13        * API/JSVirtualMachine.mm:
     14        (getInternalObjcObject):
     15
    1162016-10-06  Brian Burg  <bburg@apple.com>
    217
Note: See TracChangeset for help on using the changeset viewer.