Context Navigation

Changeset 31350 in webkit for trunk/JavaScriptCore/API

Timestamp:

Mar 26, 2008, 8:35:40 PM (17 years ago)

Author:

Adam Roben

Message:

Fix Bug 18060: Assertion failure (JSLock not held) beneath JSCallbackObject<Base>::toString

<http://bugs.webkit.org/show_bug.cgi?id=18060>

Reviewed by Geoff Garen.

Bug fix:

API/JSCallbackObjectFunctions.h: (KJS::JSCallbackObject<Base>::toString): Make the DropAllLocks instance only be in scope while calling convertToType.

Test:

Location:

trunk/JavaScriptCore/API

Files:

-              r30534
+              r31350
     for (JSClassRef jsClass = m_class; jsClass; jsClass = jsClass->parentClass)
         if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
+            JSLock::DropAllLocks dropAllLocks;
+            if (JSValueRef value = convertToType(ctx, thisRef, kJSTypeString, toRef(exec->exceptionSlot())))
+            JSValueRef value;
+            {
+                JSLock::DropAllLocks dropAllLocks;
+                value = convertToType(ctx, thisRef, kJSTypeString, toRef(exec->exceptionSlot()));
+            }
+            if (value)
                 return toJS(value)->getString();
+        }

-              r31296
+              r31350
     case kJSTypeNumber:
         return JSValueMakeNumber(context, 1);
+    case kJSTypeString:
+        {
+            JSStringRef string = JSStringCreateWithUTF8CString("MyObjectAsString");
+            JSValueRef result = JSValueMakeString(context, string);
+            JSStringRelease(string);
+            return result;
+        }
     default:
         break;

r28884	r31350
101	101	shouldBe("+MyObject", 1); // toNumber
102	102	shouldBe("(MyObject.toString())", "[object MyObject]"); // toString
	103	shouldBe("String(MyObject)", "MyObjectAsString"); // type conversion to string
103	104	shouldBe("MyObject - 0", NaN); // toPrimitive
104	105

Note: See TracChangeset for help on using the changeset viewer.