Diff
Modified: trunk/LayoutTests/ChangeLog (264787 => 264788)
--- trunk/LayoutTests/ChangeLog 2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/LayoutTests/ChangeLog 2020-07-23 20:37:39 UTC (rev 264788)
@@ -1,3 +1,14 @@
+2020-07-23 Yusuke Suzuki <ysuz...@apple.com>
+
+ Add exception check for WebCore createRejectedPromiseWithTypeError
+ https://bugs.webkit.org/show_bug.cgi?id=214680
+ <rdar://problem/65925490>
+
+ Reviewed by Mark Lam.
+
+ * js/dom/rejected-promise-creation-should-check-exception-expected.txt: Added.
+ * js/dom/rejected-promise-creation-should-check-exception.html: Added.
+
2020-07-23 Karl Rackler <rack...@apple.com>
[ iOS wk2 ] imported/w3c/web-platform-tests/web-share/share-without-user-gesture.https.html is a constant timeout
Added: trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt (0 => 264788)
--- trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception-expected.txt 2020-07-23 20:37:39 UTC (rev 264788)
@@ -0,0 +1,9 @@
+Rejected promise creation should check exception
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html (0 => 264788)
--- trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html (rev 0)
+++ trunk/LayoutTests/js/dom/rejected-promise-creation-should-check-exception.html 2020-07-23 20:37:39 UTC (rev 264788)
@@ -0,0 +1,13 @@
+<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Rejected promise creation should check exception");
+FontFace.prototype.load();
+</script>
+<script src=""
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (264787 => 264788)
--- trunk/Source/WebCore/ChangeLog 2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/ChangeLog 2020-07-23 20:37:39 UTC (rev 264788)
@@ -1,3 +1,23 @@
+2020-07-23 Yusuke Suzuki <ysuz...@apple.com>
+
+ Add exception check for WebCore createRejectedPromiseWithTypeError
+ https://bugs.webkit.org/show_bug.cgi?id=214680
+ <rdar://problem/65925490>
+
+ Reviewed by Mark Lam.
+
+ Test: js/dom/rejected-promise-creation-should-check-exception.html
+
+ Add missing exception checks in createRejectedPromiseWithTypeError.
+
+ * bindings/js/JSDOMAttribute.h:
+ (WebCore::IDLAttribute::get):
+ * bindings/js/JSDOMOperationReturningPromise.h:
+ (WebCore::IDLOperationReturningPromise::call):
+ (WebCore::IDLOperationReturningPromise::callReturningOwnPromise):
+ * bindings/js/JSDOMPromiseDeferred.cpp:
+ (WebCore::createRejectedPromiseWithTypeError):
+
2020-07-23 Fujii Hironori <hironori.fu...@sony.com>
[CMake][Win] Build StructuredExceptionHandlerSuppressor.cpp and makesafeseh.asm only for AppleWin
Modified: trunk/Source/WebCore/bindings/js/JSDOMAttribute.h (264787 => 264788)
--- trunk/Source/WebCore/bindings/js/JSDOMAttribute.h 2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMAttribute.h 2020-07-23 20:37:39 UTC (rev 264788)
@@ -74,7 +74,7 @@
if (shouldThrow == CastedThisErrorBehavior::Throw)
return throwGetterTypeError(lexicalGlobalObject, throwScope, JSClass::info()->className, attributeName);
if (shouldThrow == CastedThisErrorBehavior::RejectPromise)
- return rejectPromiseWithGetterTypeError(lexicalGlobalObject, JSClass::info()->className, attributeName);
+ RELEASE_AND_RETURN(throwScope, rejectPromiseWithGetterTypeError(lexicalGlobalObject, JSClass::info()->className, attributeName));
return JSC::JSValue::encode(JSC::jsUndefined());
}
Modified: trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h (264787 => 264788)
--- trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h 2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h 2020-07-23 20:37:39 UTC (rev 264788)
@@ -43,7 +43,7 @@
auto* thisObject = IDLOperation<JSClass>::cast(lexicalGlobalObject, callFrame);
if (shouldThrow != CastedThisErrorBehavior::Assert && UNLIKELY(!thisObject))
- return rejectPromiseWithThisTypeError(promise.get(), JSClass::info()->className, operationName);
+ RELEASE_AND_RETURN(throwScope, rejectPromiseWithThisTypeError(promise.get(), JSClass::info()->className, operationName));
ASSERT(thisObject);
ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());
@@ -62,7 +62,7 @@
auto* thisObject = IDLOperation<JSClass>::cast(lexicalGlobalObject, callFrame);
if (shouldThrow != CastedThisErrorBehavior::Assert && UNLIKELY(!thisObject))
- return rejectPromiseWithThisTypeError(lexicalGlobalObject, JSClass::info()->className, operationName);
+ RELEASE_AND_RETURN(throwScope, rejectPromiseWithThisTypeError(lexicalGlobalObject, JSClass::info()->className, operationName));
ASSERT(thisObject);
ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());
Modified: trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp (264787 => 264788)
--- trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp 2020-07-23 20:34:46 UTC (rev 264787)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp 2020-07-23 20:37:39 UTC (rev 264788)
@@ -220,14 +220,17 @@
JSC::EncodedJSValue createRejectedPromiseWithTypeError(JSC::JSGlobalObject& lexicalGlobalObject, const String& errorMessage, RejectedPromiseWithTypeErrorCause cause)
{
auto& globalObject = lexicalGlobalObject;
+ auto& vm = lexicalGlobalObject.vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
auto promiseConstructor = globalObject.promiseConstructor();
- auto rejectFunction = promiseConstructor->get(&lexicalGlobalObject, lexicalGlobalObject.vm().propertyNames->builtinNames().rejectPrivateName());
+ auto rejectFunction = promiseConstructor->get(&lexicalGlobalObject, vm.propertyNames->builtinNames().rejectPrivateName());
+ RETURN_IF_EXCEPTION(scope, { });
auto* rejectionValue = static_cast<ErrorInstance*>(createTypeError(&lexicalGlobalObject, errorMessage));
if (cause == RejectedPromiseWithTypeErrorCause::NativeGetter)
rejectionValue->setNativeGetterTypeError();
- auto callData = getCallData(lexicalGlobalObject.vm(), rejectFunction);
+ auto callData = getCallData(vm, rejectFunction);
ASSERT(callData.type != CallData::Type::None);
MarkedArgumentBuffer arguments;
@@ -234,7 +237,7 @@
arguments.append(rejectionValue);
ASSERT(!arguments.hasOverflowed());
- return JSValue::encode(call(&lexicalGlobalObject, rejectFunction, callData, promiseConstructor, arguments));
+ RELEASE_AND_RETURN(scope, JSValue::encode(call(&lexicalGlobalObject, rejectFunction, callData, promiseConstructor, arguments)));
}
static inline JSC::JSValue parseAsJSON(JSC::JSGlobalObject* lexicalGlobalObject, const String& data)