Title: [243665] trunk
Revision: 243665
Author: tzaga...@apple.com
Date: 2019-03-29 14:53:54 -0700 (Fri, 29 Mar 2019)

Log Message

Assertion failed in JSC::createError
https://bugs.webkit.org/show_bug.cgi?id=196305
<rdar://problem/49387382>

Reviewed by Saam Barati.

JSTests:

* stress/create-error-out-of-memory-rope-string-2.js: Added.
(assert):
(catch):

Source/JavaScriptCore:

JSC::createError assumes that `errorDescriptionForValue` will either
throw an exception or return a valid description string. However, that
is not true if the value is a rope string and we successfully resolve it,
but later fail to wrap the string in quotes with `tryMakeString`.

* runtime/ExceptionHelpers.cpp:
(JSC::createError):

Diff

Modified: trunk/JSTests/ChangeLog (243664 => 243665)


--- trunk/JSTests/ChangeLog	2019-03-29 21:52:53 UTC (rev 243664)
+++ trunk/JSTests/ChangeLog	2019-03-29 21:53:54 UTC (rev 243665)
@@ -1,3 +1,15 @@
+2019-03-29  Tadeu Zagallo  <tzaga...@apple.com>
+
+        Assertion failed in JSC::createError
+        https://bugs.webkit.org/show_bug.cgi?id=196305
+        <rdar://problem/49387382>
+
+        Reviewed by Saam Barati.
+
+        * stress/create-error-out-of-memory-rope-string-2.js: Added.
+        (assert):
+        (catch):
+
 2019-03-28  Saam Barati  <sbar...@apple.com>
 
         BackwardsGraph needs to consider back edges as the backward's root successor
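Review bot: The `(assert):` and `(catch):` lines under the new test's entry read as function-list residue: `catch` is a clause in the added file, not a function, and for a file that is added whole the per-function list says nothing the `Added.` line does not. Suggest trimming the entry to `* stress/create-error-out-of-memory-rope-string-2.js: Added.`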

Added: trunk/JSTests/stress/create-error-out-of-memory-rope-string-2.js (0 => 243665)


--- trunk/JSTests/stress/create-error-out-of-memory-rope-string-2.js	                        (rev 0)
+++ trunk/JSTests/stress/create-error-out-of-memory-rope-string-2.js	2019-03-29 21:53:54 UTC (rev 243665)
@@ -0,0 +1,12 @@
+function assert(a, message) {
+    if (!a)
+        throw new Error(message);
+}
+
+try {
+    const var_1 = 'a'.padStart(2147483648 - 1);
+    new var_1();
+    assert(false, `Should throw OOM error`);
+} catch (error) {
+    assert(error.message == "Out of memory", "Expected OutOfMemoryError, but got: " + error);
+}
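Review bot: The `try` block wraps both `'a'.padStart(2147483648 - 1)` and `new var_1()`, and the `catch` only checks `error.message == "Out of memory"`, so the test cannot tell which statement threw. If the `padStart` call itself fails with an out-of-memory error, the test passes without ever reaching the `new var_1()` call that is meant to exercise the error-creation path. Suggest building the string before the `try` (or recording in a flag that it was created and asserting on that flag in the `catch`), and using `===` for the message comparison. A one-line comment at the top linking the test to the bug it covers would also help, since the names `var_1` and the `-2` suffix do not say what is being stressed.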

Modified: trunk/Source/JavaScriptCore/ChangeLog (243664 => 243665)


--- trunk/Source/_javascript_Core/ChangeLog	2019-03-29 21:52:53 UTC (rev 243664)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-03-29 21:53:54 UTC (rev 243665)
@@ -1,3 +1,19 @@
+2019-03-29  Tadeu Zagallo  <tzaga...@apple.com>
+
+        Assertion failed in JSC::createError
+        https://bugs.webkit.org/show_bug.cgi?id=196305
+        <rdar://problem/49387382>
+
+        Reviewed by Saam Barati.
+
+        JSC::createError assumes that `errorDescriptionForValue` will either
+        throw an exception or return a valid description string. However, that
+        is not true if the value is a rope string and we successfully resolve it,
+        but later fail to wrap the string in quotes with `tryMakeString`.
+
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createError):
+
 2019-03-29  Devin Rousso  <drou...@apple.com>
 
         Web Inspector: add fast returns for instrumentation hooks that have no affect before a frontend is connected

Modified: trunk/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp (243664 => 243665)


--- trunk/Source/_javascript_Core/runtime/ExceptionHelpers.cpp	2019-03-29 21:52:53 UTC (rev 243664)
+++ trunk/Source/_javascript_Core/runtime/ExceptionHelpers.cpp	2019-03-29 21:53:54 UTC (rev 243665)
@@ -275,8 +275,7 @@
     auto scope = DECLARE_CATCH_SCOPE(vm);
 
     String valueDescription = errorDescriptionForValue(exec, value);
-    ASSERT(scope.exception() || !!valueDescription);
-    if (!valueDescription) {
+    if (scope.exception() || !valueDescription) {
         scope.clearException();
         return createOutOfMemoryError(exec);
     }
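Review bot: In the new condition `if (scope.exception() || !valueDescription)`, any pending exception from `errorDescriptionForValue` is cleared by `scope.clearException()` and replaced with `createOutOfMemoryError(exec)`, whatever kind of exception it was. That is correct only if out-of-memory is the sole exception this call can raise; the removed `ASSERT` at least documented the expected states, and nothing in the hunk now does. Suggest a short comment above the `if` stating that the only expected failure modes are an OOM exception or a null description (the rope-resolved-but-`tryMakeString`-failed case from the ChangeLog), so that a future exception type added to `errorDescriptionForValue` is not silently reported as "Out of memory".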