[webkit-changes] [214743] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Mon, 03 Apr 2017 00:24:07 -0700

Title: [214743] releases/WebKitGTK/webkit-2.16/Source/_javascript_Core
Revision
214743
Author
carlo...@webkit.org
Date
2017-04-03 00:23:50 -0700 (Mon, 03 Apr 2017)

Log Message

Merge r214005 - Fix missing exception checks in Interpreter.cpp.
https://bugs.webkit.org/show_bug.cgi?id=164964

Reviewed by Saam Barati.

* interpreter/Interpreter.cpp:
(JSC::eval):
(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::execute):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog (214742 => 214743)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:21:54 UTC (rev 214742)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 07:23:50 UTC (rev 214743)
@@ -1,3 +1,20 @@
+2017-03-15  Mark Lam  <mark....@apple.com>
+
+        Fix missing exception checks in Interpreter.cpp.
+        https://bugs.webkit.org/show_bug.cgi?id=164964
+
+        Reviewed by Saam Barati.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::eval):
+        (JSC::sizeOfVarargs):
+        (JSC::sizeFrameForVarargs):
+        (JSC::Interpreter::executeProgram):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        (JSC::Interpreter::prepareForRepeatCall):
+        (JSC::Interpreter::execute):
+
 2017-03-14  Tomas Popela  <tpop...@redhat.com>
 
         Wrong condition in offlineasm/risc.rb

Modified: releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp (214742 => 214743)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-04-03 07:21:54 UTC (rev 214742)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-04-03 07:23:50 UTC (rev 214743)
@@ -137,12 +137,16 @@
         if (!callerCodeBlock->isStrictMode()) {
             if (programSource.is8Bit()) {
                 LiteralParser<LChar> preparser(callFrame, programSource.characters8(), programSource.length(), NonStrictJSON);
-                if (JSValue parsedObject = preparser.tryLiteralParse())
+                if (JSValue parsedObject = preparser.tryLiteralParse()) {
+                    scope.release();
                     return parsedObject;
+                }
             } else {
                 LiteralParser<UChar> preparser(callFrame, programSource.characters16(), programSource.length(), NonStrictJSON);
-                if (JSValue parsedObject = preparser.tryLiteralParse())
-                    return parsedObject;                
+                if (JSValue parsedObject = preparser.tryLiteralParse()) {
+                    scope.release();
+                    return parsedObject;
+                }
             }
         }
         
@@ -152,6 +156,7 @@
         VariableEnvironment variablesUnderTDZ;
         JSScope::collectClosureVariablesUnderTDZ(callerScopeChain, variablesUnderTDZ);
         eval = DirectEvalExecutable::create(callFrame, makeSource(programSource, callerCodeBlock->source()->sourceOrigin()), callerCodeBlock->isStrictMode(), derivedContextType, isArrowFunctionContext, evalContextType, &variablesUnderTDZ);
+        ASSERT(!!scope.exception() == !eval);
         if (!eval)
             return jsUndefined();
 
@@ -160,6 +165,7 @@
 
     JSValue thisValue = callerFrame->thisValue();
     Interpreter* interpreter = vm.interpreter;
+    scope.release();
     return interpreter->execute(eval, callFrame, thisValue, callerScopeChain);
 }
 
@@ -193,10 +199,9 @@
     default:
         RELEASE_ASSERT(arguments.isObject());
         length = getLength(callFrame, jsCast<JSObject*>(cell));
-        RETURN_IF_EXCEPTION(scope, 0);
         break;
     }
-
+    RETURN_IF_EXCEPTION(scope, 0);
     
     if (length >= firstVarArgOffset)
         length -= firstVarArgOffset;
@@ -223,7 +228,8 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
 
     unsigned length = sizeOfVarargs(callFrame, arguments, firstVarArgOffset);
-    
+    RETURN_IF_EXCEPTION(scope, 0);
+
     CallFrame* calleeFrame = calleeFrameForVarargs(callFrame, numUsedStackSlots, length + 1);
     if (UNLIKELY(length > maxArguments || !vm.ensureStackCapacityFor(calleeFrame->registers()))) {
         throwStackOverflowError(callFrame, scope);
@@ -763,6 +769,7 @@
         parseResult = literalParser.tryJSONPParse(JSONPData, scope->globalObject()->globalObjectMethodTable()->supportsRichSourceInfo(scope->globalObject()));
     }
 
+    RETURN_IF_EXCEPTION(throwScope, { });
     if (parseResult) {
         JSGlobalObject* globalObject = scope->globalObject();
         JSValue result;
@@ -847,7 +854,9 @@
     VMEntryScope entryScope(vm, scope->globalObject());
 
     // Compile source to bytecode if necessary:
-    if (JSObject* error = program->initializeGlobalProperties(vm, callFrame, scope))
+    JSObject* error = program->initializeGlobalProperties(vm, callFrame, scope);
+    ASSERT(!throwScope.exception() || !error);
+    if (UNLIKELY(error))
         return checkedReturn(throwException(callFrame, throwScope, error));
 
     ProgramCodeBlock* codeBlock;
@@ -854,9 +863,9 @@
     {
         CodeBlock* tempCodeBlock;
         JSObject* error = program->prepareForExecution<ProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
-        ASSERT(!throwScope.exception() || throwScope.exception() == jsDynamicCast<Exception*>(vm, error));
-        if (error)
-            return checkedReturn(throwException(callFrame, throwScope, error));
+        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(error));
+        if (UNLIKELY(error))
+            return checkedReturn(error);
         codeBlock = jsCast<ProgramCodeBlock*>(tempCodeBlock);
     }
 
@@ -872,8 +881,8 @@
     protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisObj, 1);
 
     // Execute the code:
+    throwScope.release();
     JSValue result = program->generatedJITCode()->execute(&vm, &protoCallFrame);
-    throwScope.release();
     return checkedReturn(result);
 }
 
@@ -911,7 +920,7 @@
         JSObject* compileError = callData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(function), scope, CodeForCall, newCodeBlock);
         ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
         if (UNLIKELY(!!compileError))
-            return checkedReturn(throwException(callFrame, throwScope, compileError));
+            return checkedReturn(compileError);
 
         ASSERT(!!newCodeBlock);
         newCodeBlock->m_shouldAlwaysBeInlined = false;
@@ -928,8 +937,8 @@
     {
         // Execute the code:
         if (isJSCall) {
+            throwScope.release();
             result = callData.js.functionExecutable->generatedJITCodeForCall()->execute(&vm, &protoCallFrame);
-            throwScope.release();
         } else {
             result = JSValue::decode(vmEntryToNative(reinterpret_cast<void*>(callData.native.function), &vm, &protoCallFrame));
             RETURN_IF_EXCEPTION(throwScope, JSValue());
@@ -973,8 +982,9 @@
     if (isJSConstruct) {
         // Compile the callee:
         JSObject* compileError = constructData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(constructor), scope, CodeForConstruct, newCodeBlock);
+        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
         if (UNLIKELY(!!compileError))
-            return checkedReturn(throwException(callFrame, throwScope, compileError));
+            return checkedReturn(compileError);
 
         ASSERT(!!newCodeBlock);
         newCodeBlock->m_shouldAlwaysBeInlined = false;
@@ -1009,7 +1019,7 @@
 {
     VM& vm = *scope->vm();
     auto throwScope = DECLARE_THROW_SCOPE(vm);
-    ASSERT(!throwScope.exception());
+    ASSERT_UNUSED(throwScope, !throwScope.exception());
     
     if (vm.isCollectorBusyOnCurrentThread())
         return CallFrameClosure();
@@ -1017,10 +1027,9 @@
     // Compile the callee:
     CodeBlock* newCodeBlock;
     JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(vm, function, scope, CodeForCall, newCodeBlock);
-    if (error) {
-        throwException(callFrame, throwScope, error);
+    ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(error));
+    if (UNLIKELY(error))
         return CallFrameClosure();
-    }
     newCodeBlock->m_shouldAlwaysBeInlined = false;
 
     size_t argsCount = argumentCountIncludingThis;
@@ -1047,6 +1056,7 @@
         return throwTerminatedExecutionException(closure.oldCallFrame, throwScope);
 
     // Execute the code:
+    throwScope.release();
     JSValue result = closure.functionExecutable->generatedJITCodeForCall()->execute(&vm, closure.protoCallFrame);
 
     return checkedReturn(result);
@@ -1096,8 +1106,9 @@
     {
         CodeBlock* tempCodeBlock;
         JSObject* compileError = eval->prepareForExecution<EvalExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
+        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
         if (UNLIKELY(!!compileError))
-            return checkedReturn(throwException(callFrame, throwScope, compileError));
+            return checkedReturn(compileError);
         codeBlock = jsCast<EvalCodeBlock*>(tempCodeBlock);
     }
 
@@ -1131,9 +1142,12 @@
 
         for (unsigned i = 0; i < numVariables; ++i) {
             const Identifier& ident = codeBlock->variable(i);
-            if (!variableObject->hasProperty(callFrame, ident)) {
+            bool hasProperty = variableObject->hasProperty(callFrame, ident);
+            RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+            if (!hasProperty) {
                 PutPropertySlot slot(variableObject);
                 variableObject->methodTable()->put(variableObject, callFrame, ident, jsUndefined(), slot);
+                RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
             }
         }
 
@@ -1141,6 +1155,7 @@
             FunctionExecutable* function = codeBlock->functionDecl(i);
             PutPropertySlot slot(variableObject);
             variableObject->methodTable()->put(variableObject, callFrame, function->name(), JSFunction::create(vm, function, scope), slot);
+            RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
         }
     }
 
@@ -1153,6 +1168,7 @@
     protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), thisValue, 1);
 
     // Execute the code:
+    throwScope.release();
     JSValue result = eval->generatedJITCode()->execute(&vm, &protoCallFrame);
 
     return checkedReturn(result);
@@ -1178,8 +1194,9 @@
     {
         CodeBlock* tempCodeBlock;
         JSObject* compileError = executable->prepareForExecution<ModuleProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
+        ASSERT(throwScope.exception() == reinterpret_cast<Exception*>(compileError));
         if (UNLIKELY(!!compileError))
-            return checkedReturn(throwException(callFrame, throwScope, compileError));
+            return checkedReturn(compileError);
         codeBlock = jsCast<ModuleProgramCodeBlock*>(tempCodeBlock);
     }
 
@@ -1198,6 +1215,7 @@
     protoCallFrame.init(codeBlock, JSCallee::create(vm, scope->globalObject(), scope), jsUndefined(), 1);
 
     // Execute the code:
+    throwScope.release();
     JSValue result = executable->generatedJITCode()->execute(&vm, &protoCallFrame);
 
     return checkedReturn(result);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to