Changeset 273222 in webkit

Timestamp:

Feb 21, 2021 1:08:03 PM (3 years ago)

Author:

ysuzuki@apple.com

Message:

[JSC] JSInternalPromise::then can fail if execution is terminated
​https://bugs.webkit.org/show_bug.cgi?id=222244

Reviewed by Mark Lam.

JSInternalPromise::then assumed that call's result is always JSInternalPromise.
But this is wrong if termination exception is thrown. In that case, this call fails.
This patch makes it robust against this behavior.

• runtime/JSInternalPromise.cpp:

(JSC::JSInternalPromise::then):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/JSInternalPromise.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-02-21  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] JSInternalPromise::then can fail if execution is terminated
+        https://bugs.webkit.org/show_bug.cgi?id=222244
+
+        Reviewed by Mark Lam.
+
+        JSInternalPromise::then assumed that call's result is always JSInternalPromise.
+        But this is wrong if termination exception is thrown. In that case, this call fails.
+        This patch makes it robust against this behavior.
+
+        * runtime/JSInternalPromise.cpp:
+        (JSC::JSInternalPromise::then):
+
 2021-02-21  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/JavaScriptCore/runtime/JSInternalPromise.cpp

@@ -70 +70 @@
     arguments.append(onRejected ? onRejected : jsUndefined());
     ASSERT(!arguments.hasOverflowed());
-
-    RELEASE_AND_RETURN(scope, jsCast<JSInternalPromise*>(call(globalObject, function, callData, this, arguments)));
+    JSValue result = call(globalObject, function, callData, this, arguments);
+    RETURN_IF_EXCEPTION(scope, nullptr);
+    return jsCast<JSInternalPromise*>(result);
 }