Changeset 214005 in webkit


Ignore:
Timestamp:
Mar 15, 2017 1:19:35 PM (7 years ago)
Author:
mark.lam@apple.com
Message:

Fix missing exception checks in Interpreter.cpp.
https://bugs.webkit.org/show_bug.cgi?id=164964

Reviewed by Saam Barati.

  • interpreter/Interpreter.cpp:

(JSC::eval):
(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::execute):

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r213978 r214005  
     12017-03-15  Mark Lam  <mark.lam@apple.com>
     2
     3        Fix missing exception checks in Interpreter.cpp.
     4        https://bugs.webkit.org/show_bug.cgi?id=164964
     5
     6        Reviewed by Saam Barati.
     7
     8        * interpreter/Interpreter.cpp:
     9        (JSC::eval):
     10        (JSC::sizeOfVarargs):
     11        (JSC::sizeFrameForVarargs):
     12        (JSC::Interpreter::executeProgram):
     13        (JSC::Interpreter::executeCall):
     14        (JSC::Interpreter::executeConstruct):
     15        (JSC::Interpreter::prepareForRepeatCall):
     16        (JSC::Interpreter::execute):
     17
    1182017-03-15  Dean Jackson  <dino@apple.com>
    219
  • trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

    r213367 r214005  
    138138            if (programSource.is8Bit()) {
    139139                LiteralParser<LChar> preparser(callFrame, programSource.characters8(), programSource.length(), NonStrictJSON);
    140                 if (JSValue parsedObject = preparser.tryLiteralParse())
     140                if (JSValue parsedObject = preparser.tryLiteralParse()) {
     141                    scope.release();
    141142                    return parsedObject;
     143                }
    142144            } else {
    143145                LiteralParser<UChar> preparser(callFrame, programSource.characters16(), programSource.length(), NonStrictJSON);
    144                 if (JSValue parsedObject = preparser.tryLiteralParse())
    145                     return parsedObject;               
     146                if (JSValue parsedObject = preparser.tryLiteralParse()) {
     147                    scope.release();
     148                    return parsedObject;
     149                }
    146150            }
    147151        }
     
    153157        JSScope::collectClosureVariablesUnderTDZ(callerScopeChain, variablesUnderTDZ);
    154158        eval = DirectEvalExecutable::create(callFrame, makeSource(programSource, callerCodeBlock->source()->sourceOrigin()), callerCodeBlock->isStrictMode(), derivedContextType, isArrowFunctionContext, evalContextType, &variablesUnderTDZ);
     159        ASSERT(!!scope.exception() == !eval);
    155160        if (!eval)
    156161            return jsUndefined();
     
    161166    JSValue thisValue = callerFrame->thisValue();
    162167    Interpreter* interpreter = vm.interpreter;
     168    scope.release();
    163169    return interpreter->execute(eval, callFrame, thisValue, callerScopeChain);
    164170}
     
    194200        RELEASE_ASSERT(arguments.isObject());
    195201        length = getLength(callFrame, jsCast<JSObject*>(cell));
    196         RETURN_IF_EXCEPTION(scope, 0);
    197202        break;
    198203    }
    199 
     204    RETURN_IF_EXCEPTION(scope, 0);
    200205   
    201206    if (length >= firstVarArgOffset)
     
    224229
    225230    unsigned length = sizeOfVarargs(callFrame, arguments, firstVarArgOffset);
    226    
     231    RETURN_IF_EXCEPTION(scope, 0);
     232
    227233    CallFrame* calleeFrame = calleeFrameForVarargs(callFrame, numUsedStackSlots, length + 1);
    228234    if (UNLIKELY(length > maxArguments || !vm.ensureStackCapacityFor(calleeFrame->registers()))) {
     
    764770    }
    765771
     772    RETURN_IF_EXCEPTION(throwScope, { });
    766773    if (parseResult) {
    767774        JSGlobalObject* globalObject = scope->globalObject();
     
    848855
    849856    // Compile source to bytecode if necessary:
    850     if (JSObject* error = program->initializeGlobalProperties(vm, callFrame, scope))
     857    JSObject* error = program->initializeGlobalProperties(vm, callFrame, scope);
     858    ASSERT(!throwScope.exception() || !error);
     859    if (UNLIKELY(error))
    851860        return checkedReturn(throwException(callFrame, throwScope, error));
    852861
     
    855864        CodeBlock* tempCodeBlock;
    856865        JSObject* error = program->prepareForExecution<ProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
    857         ASSERT(!throwScope.exception() || throwScope.exception() == jsDynamicCast<Exception*>(vm, error));
    858         if (error)
    859             return checkedReturn(throwException(callFrame, throwScope, error));
     866        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(error));
     867        if (UNLIKELY(error))
     868            return checkedReturn(error);
    860869        codeBlock = jsCast<ProgramCodeBlock*>(tempCodeBlock);
    861870    }
     
    876885
    877886    // Execute the code:
     887    throwScope.release();
    878888    JSValue result = program->generatedJITCode()->execute(&vm, &protoCallFrame);
    879     throwScope.release();
    880889    return checkedReturn(result);
    881890}
     
    915924        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
    916925        if (UNLIKELY(!!compileError))
    917             return checkedReturn(throwException(callFrame, throwScope, compileError));
     926            return checkedReturn(compileError);
    918927
    919928        ASSERT(!!newCodeBlock);
     
    935944        // Execute the code:
    936945        if (isJSCall) {
     946            throwScope.release();
    937947            result = callData.js.functionExecutable->generatedJITCodeForCall()->execute(&vm, &protoCallFrame);
    938             throwScope.release();
    939948        } else {
    940949            result = JSValue::decode(vmEntryToNative(reinterpret_cast<void*>(callData.native.function), &vm, &protoCallFrame));
     
    980989        // Compile the callee:
    981990        JSObject* compileError = constructData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(constructor), scope, CodeForConstruct, newCodeBlock);
     991        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
    982992        if (UNLIKELY(!!compileError))
    983             return checkedReturn(throwException(callFrame, throwScope, compileError));
     993            return checkedReturn(compileError);
    984994
    985995        ASSERT(!!newCodeBlock);
     
    10191029    VM& vm = *scope->vm();
    10201030    auto throwScope = DECLARE_THROW_SCOPE(vm);
    1021     ASSERT(!throwScope.exception());
     1031    ASSERT_UNUSED(throwScope, !throwScope.exception());
    10221032   
    10231033    if (vm.isCollectorBusyOnCurrentThread())
     
    10271037    CodeBlock* newCodeBlock;
    10281038    JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(vm, function, scope, CodeForCall, newCodeBlock);
    1029     if (error) {
    1030         throwException(callFrame, throwScope, error);
     1039    ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(error));
     1040    if (UNLIKELY(error))
    10311041        return CallFrameClosure();
    1032     }
    10331042    newCodeBlock->m_shouldAlwaysBeInlined = false;
    10341043
     
    10601069
    10611070    // Execute the code:
     1071    throwScope.release();
    10621072    JSValue result = closure.functionExecutable->generatedJITCodeForCall()->execute(&vm, closure.protoCallFrame);
    10631073
     
    11091119        CodeBlock* tempCodeBlock;
    11101120        JSObject* compileError = eval->prepareForExecution<EvalExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
     1121        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
    11111122        if (UNLIKELY(!!compileError))
    1112             return checkedReturn(throwException(callFrame, throwScope, compileError));
     1123            return checkedReturn(compileError);
    11131124        codeBlock = jsCast<EvalCodeBlock*>(tempCodeBlock);
    11141125    }
     
    11441155        for (unsigned i = 0; i < numVariables; ++i) {
    11451156            const Identifier& ident = codeBlock->variable(i);
    1146             if (!variableObject->hasProperty(callFrame, ident)) {
     1157            bool hasProperty = variableObject->hasProperty(callFrame, ident);
     1158            RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
     1159            if (!hasProperty) {
    11471160                PutPropertySlot slot(variableObject);
    11481161                variableObject->methodTable()->put(variableObject, callFrame, ident, jsUndefined(), slot);
     1162                RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
    11491163            }
    11501164        }
     
    11541168            PutPropertySlot slot(variableObject);
    11551169            variableObject->methodTable()->put(variableObject, callFrame, function->name(), JSFunction::create(vm, function, scope), slot);
     1170            RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
    11561171        }
    11571172    }
     
    11691184
    11701185    // Execute the code:
     1186    throwScope.release();
    11711187    JSValue result = eval->generatedJITCode()->execute(&vm, &protoCallFrame);
    11721188
     
    11941210        CodeBlock* tempCodeBlock;
    11951211        JSObject* compileError = executable->prepareForExecution<ModuleProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
     1212        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
    11961213        if (UNLIKELY(!!compileError))
    1197             return checkedReturn(throwException(callFrame, throwScope, compileError));
     1214            return checkedReturn(compileError);
    11981215        codeBlock = jsCast<ModuleProgramCodeBlock*>(tempCodeBlock);
    11991216    }
     
    12171234
    12181235    // Execute the code:
     1236    throwScope.release();
    12191237    JSValue result = executable->generatedJITCode()->execute(&vm, &protoCallFrame);
    12201238
Note: See TracChangeset for help on using the changeset viewer.