Skip to site navigation (Press enter)

[webkit-changes] [236128] releases/WebKitGTK/webkit-2.22

carlosgc Tue, 18 Sep 2018 08:40:29 -0700

Title: [236128] releases/WebKitGTK/webkit-2.22

Revision: 236128
Author: carlo...@webkit.org
Date: 2018-09-18 08:39:04 -0700 (Tue, 18 Sep 2018)

Log Message

Merge r235558 - Fix exception check accounting in constructJSWebAssemblyCompileError().
https://bugs.webkit.org/show_bug.cgi?id=189185
<rdar://problem/39786007>


Reviewed by Michael Saboff.

JSTests:

* stress/regress-189185.js: Added.
(new.WebAssembly.CompileError.valueOf):

Source/_javascript_Core:

Also add an exception check in JSWebAssemblyModule::createStub() so that we don't
inadvertently overwrite a pre-existing exception (if present).

* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::createStub):
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
(JSC::constructJSWebAssemblyCompileError):

Modified Paths

releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog
releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/JSWebAssemblyModule.cpp
releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/WebAssemblyCompileErrorConstructor.cpp

Added Paths

releases/WebKitGTK/webkit-2.22/JSTests/stress/regress-189185.js

Diff

Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (236127 => 236128)


--- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog	2018-09-18 15:38:58 UTC (rev 236127)
+++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog	2018-09-18 15:39:04 UTC (rev 236128)
@@ -1,5 +1,16 @@
 2018-08-31  Mark Lam  <mark....@apple.com>
 
+        Fix exception check accounting in constructJSWebAssemblyCompileError().
+        https://bugs.webkit.org/show_bug.cgi?id=189185
+        <rdar://problem/39786007>
+
+        Reviewed by Michael Saboff.
+
+        * stress/regress-189185.js: Added.
+        (new.WebAssembly.CompileError.valueOf):
+
+2018-08-31  Mark Lam  <mark....@apple.com>
+
         Fix exception check accounting in JSDataView::defineOwnProperty().
         https://bugs.webkit.org/show_bug.cgi?id=189186
         <rdar://problem/39786049>

Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/regress-189185.js (0 => 236128)


--- releases/WebKitGTK/webkit-2.22/JSTests/stress/regress-189185.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.22/JSTests/stress/regress-189185.js	2018-09-18 15:39:04 UTC (rev 236128)
@@ -0,0 +1,7 @@
+//@ runDefault
+// This passes if it does not crash.
+new WebAssembly.CompileError({
+    valueOf() {
+        throw new Error();
+    }
+});

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (236127 => 236128)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-09-18 15:38:58 UTC (rev 236127)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-09-18 15:39:04 UTC (rev 236128)
@@ -1,5 +1,21 @@
 2018-08-31  Mark Lam  <mark....@apple.com>
 
+        Fix exception check accounting in constructJSWebAssemblyCompileError().
+        https://bugs.webkit.org/show_bug.cgi?id=189185
+        <rdar://problem/39786007>
+
+        Reviewed by Michael Saboff.
+
+        Also add an exception check in JSWebAssemblyModule::createStub() so that we don't
+        inadvertently overwrite a pre-existing exception (if present).
+
+        * wasm/js/JSWebAssemblyModule.cpp:
+        (JSC::JSWebAssemblyModule::createStub):
+        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
+        (JSC::constructJSWebAssemblyCompileError):
+
+2018-08-31  Mark Lam  <mark....@apple.com>
+
         Gardening: ARMv7 build fix.
         https://bugs.webkit.org/show_bug.cgi?id=158911

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/JSWebAssemblyModule.cpp (236127 => 236128)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/JSWebAssemblyModule.cpp	2018-09-18 15:38:58 UTC (rev 236127)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/JSWebAssemblyModule.cpp	2018-09-18 15:39:04 UTC (rev 236128)
@@ -48,7 +48,9 @@
 {
     auto scope = DECLARE_THROW_SCOPE(vm);
     if (!result.has_value()) {
-        throwException(exec, scope, JSWebAssemblyCompileError::create(exec, vm, structure->globalObject()->WebAssemblyCompileErrorStructure(), result.error()));
+        auto* error = JSWebAssemblyCompileError::create(exec, vm, structure->globalObject()->WebAssemblyCompileErrorStructure(), result.error());
+        RETURN_IF_EXCEPTION(scope, nullptr);
+        throwException(exec, scope, error);
         return nullptr;
     }

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/WebAssemblyCompileErrorConstructor.cpp (236127 => 236128)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/WebAssemblyCompileErrorConstructor.cpp	2018-09-18 15:38:58 UTC (rev 236127)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/wasm/js/WebAssemblyCompileErrorConstructor.cpp	2018-09-18 15:39:04 UTC (rev 236128)
@@ -51,6 +51,7 @@
     JSValue message = exec->argument(0);
     auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->WebAssemblyCompileErrorStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    scope.release();
     return JSValue::encode(JSWebAssemblyCompileError::create(exec, vm, structure, message));
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes