Null pointer dereference in JSC::WriteBarrierBase()
https://bugs.webkit.org/show_bug.cgi?id=191252
Reviewed by Keith Miller.
Source/JavaScriptCore:
JSPromiseDeferred::create can return nullptr and an exception if stack overflow happens.
We would like to make it RELEASE_ASSERT since the current module mechanism is not immune
to stack overflow.
This patch renames JSPromiseDeferred::create to JSPromiseDeferred::tryCreate to tell that
it can return nullptr. And we insert error checks or assertions after this call.
(GlobalObject::moduleLoaderImportModule):
(GlobalObject::moduleLoaderFetch):
(JSC::rejectPromise):
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncImportModule):
- runtime/JSInternalPromiseDeferred.cpp:
(JSC::JSInternalPromiseDeferred::tryCreate):
(JSC::JSInternalPromiseDeferred::create): Deleted.
- runtime/JSInternalPromiseDeferred.h:
- runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::importModule):
(JSC::JSModuleLoader::resolve):
(JSC::JSModuleLoader::fetch):
(JSC::moduleLoaderParseModule):
- runtime/JSPromise.h:
- runtime/JSPromiseDeferred.cpp:
(JSC::JSPromiseDeferred::tryCreate):
- runtime/JSPromiseDeferred.h:
- wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyCompileFunc):
(JSC::webAssemblyInstantiateFunc):
(JSC::webAssemblyCompileStreamingInternal):
(JSC::webAssemblyInstantiateStreamingInternal):
Source/WebCore:
- bindings/js/JSCustomElementRegistryCustom.cpp:
(WebCore::JSCustomElementRegistry::whenDefined):
- bindings/js/JSDOMPromiseDeferred.cpp:
(WebCore::createDeferredPromise):
- bindings/js/JSDOMPromiseDeferred.h:
(WebCore::DeferredPromise::create):
(WebCore::callPromiseFunction):
- bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::moduleLoaderFetch):
(WebCore::JSDOMWindowBase::moduleLoaderImportModule):
- bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::fetch):
(WebCore::rejectPromise):
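The pattern this change describes, as an added example that is not WebKit code: a `tryCreate` that returns `nullptr` and records an exception when recursion is no longer safe, beside the call-site check that the patch inserts after each call. The `VM`, `JSPromiseDeferred`, `tryCreate` and `isSafeToRecurse` names echo JavaScriptCore's, but every body here is a toy stand-in and the depth limit is an assumed constant.

```cpp
// Added example (not WebKit code). Models the create -> tryCreate rename and the
// null check added after each call site. All types and bodies are constructed
// stand-ins for this illustration, not JSC's real implementation.
#include <cassert>
#include <cstddef>
#include <memory>
#include <optional>
#include <string>

// Toy VM: an "exception" slot plus a recursion depth that stands in for the
// native stack check JSC performs before deep work. Constructed for this example.
struct VM {
    std::optional<std::string> exception;
    size_t recursionDepth = 0;
    static constexpr size_t kMaxDepth = 64;   // assumed limit, not JSC's value

    bool isSafeToRecurse() const { return recursionDepth < kMaxDepth; }
    void throwStackOverflow() {
        exception = "RangeError: Maximum call stack size exceeded";
    }
};

// Toy deferred-promise object.
struct JSPromiseDeferred {
    bool rejected = false;
    std::string reason;

    // tryCreate: the name advertises that the result may be nullptr. When it
    // is, the VM's exception slot has been set so the caller can propagate it.
    static std::unique_ptr<JSPromiseDeferred> tryCreate(VM& vm) {
        if (!vm.isSafeToRecurse()) {
            vm.throwStackOverflow();
            return nullptr;
        }
        return std::make_unique<JSPromiseDeferred>();
    }

    void reject(const std::string& r) { rejected = true; reason = r; }
};

enum class Outcome { Rejected, ExceptionPropagated };

// Pre-patch call-site shape: the result of create() was dereferenced without a
// check, so a nullptr return became a null pointer dereference. Kept here only
// to show the defect; it is never called.
[[maybe_unused]] static void rejectPromiseUnchecked(VM& vm, const std::string& reason) {
    auto deferred = JSPromiseDeferred::tryCreate(vm);
    deferred->reject(reason);   // crashes when tryCreate returned nullptr
}

// Post-patch call-site shape: check for nullptr and hand the pending
// exception back to the caller instead of touching the missing object.
Outcome rejectPromiseChecked(VM& vm, const std::string& reason) {
    auto deferred = JSPromiseDeferred::tryCreate(vm);
    if (!deferred) {
        assert(vm.exception.has_value());   // tryCreate's contract
        return Outcome::ExceptionPropagated;
    }
    deferred->reject(reason);
    return Outcome::Rejected;
}

// Normal case: depth is below the limit, the promise is created and rejected,
// and no exception is left pending.
bool demoBelowLimit() {
    VM vm;
    vm.recursionDepth = 3;
    Outcome o = rejectPromiseChecked(vm, "fetch failed");
    return o == Outcome::Rejected && !vm.exception.has_value();
}

// Overflow case: depth is at the limit, tryCreate returns nullptr, the checked
// call site propagates the exception rather than dereferencing nullptr.
bool demoAtLimit() {
    VM vm;
    vm.recursionDepth = VM::kMaxDepth;
    Outcome o = rejectPromiseChecked(vm, "fetch failed");
    return o == Outcome::ExceptionPropagated && vm.exception.has_value();
}
```

Where a call site has no way to propagate an exception, the message notes the alternative of an assertion that fails loudly instead of dereferencing the null result; in this toy that would replace the `return Outcome::ExceptionPropagated` branch with a hard failure.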