Timestamp:
Sep 21, 2018, 4:18:15 PM (7 years ago)
Author:
[email protected]
Message:

JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
https://bugs.webkit.org/show_bug.cgi?id=189855
<rdar://problem/44680181>

Reviewed by Filip Pizlo.

tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
ExecState* argument. This is intentional so that resolveRope() does not throw
in the event of an OutOfMemory error. Hence, JSRopeString::resolveRope() should
get the VM from the cell instead of via the ExecState.

Also removed an obsolete and unused field in JSString.

  • runtime/JSString.cpp:

(JSC::JSRopeString::resolveRope const):
(JSC::JSRopeString::outOfMemory const):

  • runtime/JSString.h:

(JSC::JSString::tryGetValue const):

File:
1 edited

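--- a/trunk/Source/JavaScriptCore/runtime/JSString.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSString.cpp
@@ -251,5 +251,5 @@
 }
 
-void JSRopeString::resolveRope(ExecState* exec) const
+void JSRopeString::resolveRope(ExecState* nullOrExecForOOM) const
 {
     ASSERT(isRope());
@@ -265,8 +265,8 @@
         LChar* buffer;
         if (auto newImpl = StringImpl::tryCreateUninitialized(length(), buffer)) {
-            exec->vm().heap.reportExtraMemoryAllocated(newImpl->cost());
+            Heap::heap(this)->reportExtraMemoryAllocated(newImpl->cost());
             m_value = WTFMove(newImpl);
         } else {
-            outOfMemory(exec);
+            outOfMemory(nullOrExecForOOM);
             return;
         }
@@ -279,8 +279,8 @@
     UChar* buffer;
     if (auto newImpl = StringImpl::tryCreateUninitialized(length(), buffer)) {
-        exec->vm().heap.reportExtraMemoryAllocated(newImpl->cost());
+        Heap::heap(this)->reportExtraMemoryAllocated(newImpl->cost());
         m_value = WTFMove(newImpl);
     } else {
-        outOfMemory(exec);
+        outOfMemory(nullOrExecForOOM);
         return;
     }
@@ -381,14 +381,14 @@
 }
 
-void JSRopeString::outOfMemory(ExecState* exec) const
-{
-    VM& vm = exec->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
+void JSRopeString::outOfMemory(ExecState* nullOrExecForOOM) const
+{
     clearFibers();
     ASSERT(isRope());
     ASSERT(m_value.isNull());
-    if (exec)
-        throwOutOfMemoryError(exec, scope);
+    if (nullOrExecForOOM) {
+        VM& vm = nullOrExecForOOM->vm();
+        auto scope = DECLARE_THROW_SCOPE(vm);
+        throwOutOfMemoryError(nullOrExecForOOM, scope);
+    }
 }
 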
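Review bot: When nullOrExecForOOM is null, outOfMemory() (new lines 388–392) returns without throwing, so an allocation failure in resolveRope() is reported only through the state it leaves behind, and nothing at either definition says that callers must check for it. A comment above resolveRope() would make the contract explicit, for example `// nullOrExecForOOM may be null (tryGetValue() passes nullptr): on allocation failure nothing is thrown and m_value stays null, so the caller must check the result.` The two ASSERTs in outOfMemory() do not enforce this if they are compiled out of release builds, which is presumably the case here. Both function bodies continue outside the hunks shown, and no regression test for the null-ExecState path appears on this page, so it is worth confirming one accompanies the change.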