[webkit-changes] [264788] trunk

[ysuzuki]

Title: [264788] trunk

Revision

264788

Author

ysuz...@apple.com

Date

2020-07-23 13:37:39 -0700 (Thu, 23 Jul 2020)

Log Message

Add exception check for WebCore createRejectedPromiseWithTypeError
https://bugs.webkit.org/show_bug.cgi?id=214680
<rdar://problem/65925490>

Reviewed by Mark Lam.

Source/WebCore:

Test: js/dom/rejected-promise-creation-should-check-exception.html

Add missing exception checks in createRejectedPromiseWithTypeError.

* bindings/js/JSDOMAttribute.h:
(WebCore::IDLAttribute::get):
* bindings/js/JSDOMOperationReturningPromise.h:
(WebCore::IDLOperationReturningPromise::call):
(WebCore::IDLOperationReturningPromise::callReturningOwnPromise):
* bindings/js/JSDOMPromiseDeferred.cpp:
(WebCore::createRejectedPromiseWithTypeError):

LayoutTests:

* js/dom/rejected-promise-creation-should-check-exception-expected.txt: Added.
* js/dom/rejected-promise-creation-should-check-exception.html: Added.

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/bindings/js/JSDOMAttribute.h
• trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h
• trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp

Added Paths

• trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt
• trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html

Diff

Modified: trunk/LayoutTests/ChangeLog (264787 => 264788)

--- trunk/LayoutTests/ChangeLog	2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/LayoutTests/ChangeLog	2020-07-23 20:37:39 UTC (rev 264788)
@@ -1,3 +1,14 @@
+2020-07-23  Yusuke Suzuki  <ysuz...@apple.com>
+
+        Add exception check for WebCore createRejectedPromiseWithTypeError
+        https://bugs.webkit.org/show_bug.cgi?id=214680
+        <rdar://problem/65925490>
+
+        Reviewed by Mark Lam.
+
+        * js/dom/rejected-promise-creation-should-check-exception-expected.txt: Added.
+        * js/dom/rejected-promise-creation-should-check-exception.html: Added.
+
 2020-07-23  Karl Rackler  <rack...@apple.com>
 
         [ iOS wk2 ] imported/w3c/web-platform-tests/web-share/share-without-user-gesture.https.html is a constant timeout

Added: trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt (0 => 264788)

--- trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt	2020-07-23 20:37:39 UTC (rev 264788)
@@ -0,0 +1,9 @@
+Rejected promise creation should check exception
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html (0 => 264788)

--- trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html	                        (rev 0)
+++ trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html	2020-07-23 20:37:39 UTC (rev 264788)
@@ -0,0 +1,13 @@
+<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Rejected promise creation should check exception");
+FontFace.prototype.load();
+</script>
+<script src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (264787 => 264788)

--- trunk/Source/WebCore/ChangeLog	2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/ChangeLog	2020-07-23 20:37:39 UTC (rev 264788)
@@ -1,3 +1,23 @@
+2020-07-23  Yusuke Suzuki  <ysuz...@apple.com>
+
+        Add exception check for WebCore createRejectedPromiseWithTypeError
+        https://bugs.webkit.org/show_bug.cgi?id=214680
+        <rdar://problem/65925490>
+
+        Reviewed by Mark Lam.
+
+        Test: js/dom/rejected-promise-creation-should-check-exception.html
+
+        Add missing exception checks in createRejectedPromiseWithTypeError.
+
+        * bindings/js/JSDOMAttribute.h:
+        (WebCore::IDLAttribute::get):
+        * bindings/js/JSDOMOperationReturningPromise.h:
+        (WebCore::IDLOperationReturningPromise::call):
+        (WebCore::IDLOperationReturningPromise::callReturningOwnPromise):
+        * bindings/js/JSDOMPromiseDeferred.cpp:
+        (WebCore::createRejectedPromiseWithTypeError):
+
 2020-07-23  Fujii Hironori  <hironori.fu...@sony.com>
 
         [CMake][Win] Build StructuredExceptionHandlerSuppressor.cpp and makesafeseh.asm only for AppleWin

Modified: trunk/Source/WebCore/bindings/js/JSDOMAttribute.h (264787 => 264788)

--- trunk/Source/WebCore/bindings/js/JSDOMAttribute.h	2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMAttribute.h	2020-07-23 20:37:39 UTC (rev 264788)
@@ -74,7 +74,7 @@
             if (shouldThrow == CastedThisErrorBehavior::Throw)
                 return throwGetterTypeError(lexicalGlobalObject, throwScope, JSClass::info()->className, attributeName);
             if (shouldThrow == CastedThisErrorBehavior::RejectPromise)
-                return rejectPromiseWithGetterTypeError(lexicalGlobalObject, JSClass::info()->className, attributeName);
+                RELEASE_AND_RETURN(throwScope, rejectPromiseWithGetterTypeError(lexicalGlobalObject, JSClass::info()->className, attributeName));
             return JSC::JSValue::encode(JSC::jsUndefined());
         }
 

Modified: trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h (264787 => 264788)

--- trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h	2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h	2020-07-23 20:37:39 UTC (rev 264788)
@@ -43,7 +43,7 @@
             
             auto* thisObject = IDLOperation<JSClass>::cast(lexicalGlobalObject, callFrame);
             if (shouldThrow != CastedThisErrorBehavior::Assert && UNLIKELY(!thisObject))
-                return rejectPromiseWithThisTypeError(promise.get(), JSClass::info()->className, operationName);
+                RELEASE_AND_RETURN(throwScope, rejectPromiseWithThisTypeError(promise.get(), JSClass::info()->className, operationName));
             
             ASSERT(thisObject);
             ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());
@@ -62,7 +62,7 @@
 
         auto* thisObject = IDLOperation<JSClass>::cast(lexicalGlobalObject, callFrame);
         if (shouldThrow != CastedThisErrorBehavior::Assert && UNLIKELY(!thisObject))
-            return rejectPromiseWithThisTypeError(lexicalGlobalObject, JSClass::info()->className, operationName);
+            RELEASE_AND_RETURN(throwScope, rejectPromiseWithThisTypeError(lexicalGlobalObject, JSClass::info()->className, operationName));
 
         ASSERT(thisObject);
         ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());

Modified: trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp (264787 => 264788)

--- trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp	2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp	2020-07-23 20:37:39 UTC (rev 264788)
@@ -220,14 +220,17 @@
 JSC::EncodedJSValue createRejectedPromiseWithTypeError(JSC::JSGlobalObject& lexicalGlobalObject, const String& errorMessage, RejectedPromiseWithTypeErrorCause cause)
 {
     auto& globalObject = lexicalGlobalObject;
+    auto& vm = lexicalGlobalObject.vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
 
     auto promiseConstructor = globalObject.promiseConstructor();
-    auto rejectFunction = promiseConstructor->get(&lexicalGlobalObject, lexicalGlobalObject.vm().propertyNames->builtinNames().rejectPrivateName());
+    auto rejectFunction = promiseConstructor->get(&lexicalGlobalObject, vm.propertyNames->builtinNames().rejectPrivateName());
+    RETURN_IF_EXCEPTION(scope, { });
     auto* rejectionValue = static_cast<ErrorInstance*>(createTypeError(&lexicalGlobalObject, errorMessage));
     if (cause == RejectedPromiseWithTypeErrorCause::NativeGetter)
         rejectionValue->setNativeGetterTypeError();
 
-    auto callData = getCallData(lexicalGlobalObject.vm(), rejectFunction);
+    auto callData = getCallData(vm, rejectFunction);
     ASSERT(callData.type != CallData::Type::None);
 
     MarkedArgumentBuffer arguments;
@@ -234,7 +237,7 @@
     arguments.append(rejectionValue);
     ASSERT(!arguments.hasOverflowed());
 
-    return JSValue::encode(call(&lexicalGlobalObject, rejectFunction, callData, promiseConstructor, arguments));
+    RELEASE_AND_RETURN(scope, JSValue::encode(call(&lexicalGlobalObject, rejectFunction, callData, promiseConstructor, arguments)));
 }
 
 static inline JSC::JSValue parseAsJSON(JSC::JSGlobalObject* lexicalGlobalObject, const String& data)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes