Timestamp:
Jun 7, 2016, 7:53:32 PM
Author:
[email protected]
Message:

Need an exception check after constructEmptyArray().
https://bugs.webkit.org/show_bug.cgi?id=158411

Reviewed by Saam Barati.

Source/JavaScriptCore:

Added an exception check after each call to constructEmptyArray().

  • inspector/JSInjectedScriptHost.cpp:
    (Inspector::JSInjectedScriptHost::getInternalProperties):
    (Inspector::JSInjectedScriptHost::weakMapEntries):
    (Inspector::JSInjectedScriptHost::weakSetEntries):
    (Inspector::JSInjectedScriptHost::iteratorEntries):
  • interpreter/ShadowChicken.cpp:
    (JSC::ShadowChicken::functionsOnStack):
  • profiler/ProfilerBytecodeSequence.cpp:
    (JSC::Profiler::BytecodeSequence::addSequenceProperties):
  • profiler/ProfilerCompilation.cpp:
    (JSC::Profiler::Compilation::toJS):
  • profiler/ProfilerDatabase.cpp:
    (JSC::Profiler::Database::toJS):
  • profiler/ProfilerOSRExitSite.cpp:
    (JSC::Profiler::OSRExitSite::toJS):
  • profiler/ProfilerOriginStack.cpp:
    (JSC::Profiler::OriginStack::toJS):
  • runtime/ArrayPrototype.cpp:
    (JSC::arrayProtoFuncConcat):
    (JSC::arrayProtoFuncSlice):
    (JSC::arrayProtoFuncSplice):
  • runtime/LiteralParser.cpp:
    (JSC::LiteralParser<CharType>::parse):
  • runtime/ModuleLoaderObject.cpp:
    (JSC::moduleLoaderObjectRequestedModules):
  • runtime/ObjectConstructor.cpp:
    (JSC::ownPropertyKeys):
  • runtime/RegExpObject.cpp:
    (JSC::collectMatches):
  • runtime/RegExpPrototype.cpp:
    (JSC::regExpProtoFuncSplitFast):
  • runtime/StringPrototype.cpp:
    (JSC::stringProtoFuncSplitFast):
  • runtime/TemplateRegistry.cpp:
    (JSC::TemplateRegistry::getTemplateObject):
  • tests/stress/regress-158411.js: Added.

Source/WebCore:

A stress test for this was added in JavaScriptCore.

  • bindings/js/IDBBindingUtilities.cpp:
    (WebCore::toJS):
  • bindings/js/JSCommandLineAPIHostCustom.cpp:
    (WebCore::getJSListenerFunctions):
  • bindings/js/JSCryptoKeySerializationJWK.cpp:
    (WebCore::buildJSONForRSAComponents):
    (WebCore::addBoolToJSON):
    (WebCore::addUsagesToJSON):
    (WebCore::JSCryptoKeySerializationJWK::serialize):
  • bindings/js/JSDOMBinding.h:
    (WebCore::toJS):
  • bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::deserialize):

File:
1 edited

  • trunk/Source/JavaScriptCore/profiler/ProfilerBytecodeSequence.cpp

    r179503 r201787  
    7878void BytecodeSequence::addSequenceProperties(ExecState* exec, JSObject* result) const
    7979{
     80    VM& vm = exec->vm();
    8081    JSArray* header = constructEmptyArray(exec, 0);
     82    if (UNLIKELY(vm.exception()))
     83        return;
    8184    for (unsigned i = 0; i < m_header.size(); ++i)
    8285        header->putDirectIndex(exec, i, jsString(exec, String::fromUTF8(m_header[i])));
    83     result->putDirect(exec->vm(), exec->propertyNames().header, header);
     86    result->putDirect(vm, exec->propertyNames().header, header);
    8487   
    8588    JSArray* sequence = constructEmptyArray(exec, 0);
     89    if (UNLIKELY(vm.exception()))
     90        return;
    8691    for (unsigned i = 0; i < m_sequence.size(); ++i)
    8792        sequence->putDirectIndex(exec, i, m_sequence[i].toJS(exec));
    88     result->putDirect(exec->vm(), exec->propertyNames().bytecode, sequence);
     93    result->putDirect(vm, exec->propertyNames().bytecode, sequence);
    8994}
    9095
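Review bot: The early returns added after the two constructEmptyArray() calls (new lines 82-83 and 89-90) are correct, but the loops that follow remain unguarded: putDirectIndex() at new line 85 may need to allocate array storage and m_sequence[i].toJS(exec) at new line 92 builds further JS objects, so either can leave an exception pending, after which the function still proceeds to result->putDirect(...) with that exception set, which is the same class of problem this change fixes. Consider adding `if (UNLIKELY(vm.exception())) return;` after each loop (or per iteration) before the corresponding putDirect(), so an exception raised mid-loop stops the function the same way one from constructEmptyArray() does. Hoisting `VM& vm = exec->vm();` to the top and reusing it in both putDirect() calls (new lines 86 and 93) is a good cleanup that also makes the repeated exception checks cheap to write.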