Title: [236132] releases/WebKitGTK/webkit-2.22
Revision
236132
Author
carlo...@webkit.org
Date
2018-09-18 08:39:41 -0700 (Tue, 18 Sep 2018)

Log Message

Merge r235582 - Function object should convert params to string before throw a parsing error
https://bugs.webkit.org/show_bug.cgi?id=188874

Reviewed by Darin Adler.

JSTests:

* stress/function-body-to-string-before-parameter-syntax-check.js: Added.
(shouldThrow):

Source/JavaScriptCore:

ToString operation onto the `body` of the Function constructor should be performed
before checking syntax correctness of the parameters.

* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):

Modified Paths

Added Paths

Diff

Modified: releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog (236131 => 236132)


--- releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog	2018-09-18 15:39:35 UTC (rev 236131)
+++ releases/WebKitGTK/webkit-2.22/JSTests/ChangeLog	2018-09-18 15:39:41 UTC (rev 236132)
@@ -1,3 +1,13 @@
+2018-08-24  Yusuke Suzuki  <yusukesuz...@slowstart.org>
+
+        Function object should convert params to string before throw a parsing error
+        https://bugs.webkit.org/show_bug.cgi?id=188874
+
+        Reviewed by Darin Adler.
+
+        * stress/function-body-to-string-before-parameter-syntax-check.js: Added.
+        (shouldThrow):
+
 2018-08-31  Mark Lam  <mark....@apple.com>
 
         Fix exception check accounting in constructJSWebAssemblyCompileError().

Added: releases/WebKitGTK/webkit-2.22/JSTests/stress/function-body-to-string-before-parameter-syntax-check.js (0 => 236132)


--- releases/WebKitGTK/webkit-2.22/JSTests/stress/function-body-to-string-before-parameter-syntax-check.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.22/JSTests/stress/function-body-to-string-before-parameter-syntax-check.js	2018-09-18 15:39:41 UTC (rev 236132)
@@ -0,0 +1,60 @@
+function shouldBe(actual, expected) {
+    if (actual !== expected)
+        throw new Error('bad value: ' + actual);
+}
+
+function shouldThrow(func, errorMessage) {
+    var errorThrown = false;
+    var error = null;
+    try {
+        func();
+    } catch (e) {
+        errorThrown = true;
+        error = e;
+    }
+    if (!errorThrown)
+        throw new Error('not thrown');
+    if (String(error) !== errorMessage)
+        throw new Error(`bad error: ${String(error)}`);
+}
+
+shouldThrow(() => {
+    Function("@", { toString() { throw 42; } })
+}, `42`);
+
+var counter = 0;
+class Parameter {
+    constructor(index)
+    {
+        this.index = index;
+    }
+
+    toString() {
+        shouldBe(this.index, counter);
+        counter++;
+        return `x${this.index}`;
+    }
+};
+
+class Body {
+    constructor(index)
+    {
+        this.index = index;
+    }
+
+    toString() {
+        shouldBe(this.index, counter);
+        counter++;
+        return `42`;
+    }
+};
+
+var parameters = [];
+for (var i = 0; i < 50; ++i) {
+    parameters.push(new Parameter(parameters.length));
+    var args = parameters.slice();
+    args.push(new Body(args.length));
+    counter = 0;
+    Function.apply(this, args);
+    shouldBe(counter, args.length);
+}
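Review bot: Nothing in this test checks that an invalid parameter list is still rejected with a SyntaxError once the body has been converted. The only invalid-parameter case, `Function("@", { toString() { throw 42; } })`, exits through the body's own exception, so a regression that dropped the parameter check would still pass. I would add a case with a well-behaved body, for example `try { Function("@", ""); throw new Error('not thrown'); } catch (e) { shouldBe(e instanceof SyntaxError, true); }`, because `shouldThrow` compares the full message string. A second useful case is a `Parameter` whose `toString` throws, asserting that the `Body` `toString` never runs afterwards.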

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog (236131 => 236132)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-09-18 15:39:35 UTC (rev 236131)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/ChangeLog	2018-09-18 15:39:41 UTC (rev 236132)
@@ -1,3 +1,16 @@
+2018-08-24  Yusuke Suzuki  <yusukesuz...@slowstart.org>
+
+        Function object should convert params to string before throw a parsing error
+        https://bugs.webkit.org/show_bug.cgi?id=188874
+
+        Reviewed by Darin Adler.
+
+        ToString operation onto the `body` of the Function constructor should be performed
+        before checking syntax correctness of the parameters.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunctionSkippingEvalEnabledCheck):
+
 2018-08-31  Mark Lam  <mark....@apple.com>
 
         Fix exception check accounting in constructJSWebAssemblyCompileError().

Modified: releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/FunctionConstructor.cpp (236131 => 236132)


--- releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/FunctionConstructor.cpp	2018-09-18 15:39:35 UTC (rev 236131)
+++ releases/WebKitGTK/webkit-2.22/Source/_javascript_Core/runtime/FunctionConstructor.cpp	2018-09-18 15:39:41 UTC (rev 236132)
@@ -139,6 +139,8 @@
             RETURN_IF_EXCEPTION(scope, nullptr);
             parameterBuilder.append(viewWithString.view);
         }
+        auto body = args.at(args.size() - 1).toWTFString(exec);
+        RETURN_IF_EXCEPTION(scope, nullptr);
 
         {
             // The spec mandates that the parameters parse as a valid parameter list
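Review bot: The hoisted `toWTFString(exec)` call on the body has no comment explaining why it must sit before the parameter-list check, so a later cleanup could move it back next to `checkBody(body)`. I would add `// ToString(body) is observable and can run script, so it must happen before the parameter list is syntax-checked.` above the `auto body = ...` line. The comment is also a reminder that arbitrary script now runs between building `parameterBuilder` and validating it; that looks safe because the parameter text is already copied into the builder, but it is worth stating. The guard that makes `args.size() - 1` a valid index is outside this hunk, as is the rest of `constructFunctionSkippingEvalEnabledCheck`.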
@@ -155,8 +157,6 @@
 
         builder.append(parameterBuilder);
         builder.appendLiteral(") {\n");
-        auto body = args.at(args.size() - 1).toWTFString(exec);
-        RETURN_IF_EXCEPTION(scope, nullptr);
         checkBody(body);
         RETURN_IF_EXCEPTION(scope, nullptr);
         builder.append(body);