Title: [197011] trunk/Source/_javascript_Core
- Revision
- 197011
- Author
- [email protected]
- Date
- 2016-02-23 20:39:29 -0800 (Tue, 23 Feb 2016)
Log Message
arrayProtoFuncConcat doesn't check for an exception after allocating an array
https://bugs.webkit.org/show_bug.cgi?id=154621
Reviewed by Michael Saboff.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncConcat):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (197010 => 197011)
--- trunk/Source/_javascript_Core/ChangeLog 2016-02-24 04:26:45 UTC (rev 197010)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-02-24 04:39:29 UTC (rev 197011)
@@ -1,3 +1,13 @@
+2016-02-23 Saam barati <[email protected]>
+
+ arrayProtoFuncConcat doesn't check for an exception after allocating an array
+ https://bugs.webkit.org/show_bug.cgi?id=154621
+
+ Reviewed by Michael Saboff.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncConcat):
+
2016-02-23 Dan Bernstein <[email protected]>
[Xcode] Linker errors display mangled names, but no longer should
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (197010 => 197011)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-02-24 04:26:45 UTC (rev 197010)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-02-24 04:39:29 UTC (rev 197011)
@@ -632,6 +632,8 @@
else {
// We add the newTarget because the compiler gets confused between 0 being a number and a pointer.
result = constructEmptyArray(exec, nullptr, 0, JSValue());
+ if (exec->hadException())
+ return JSValue::encode(jsUndefined());
}
curArg = thisValue.toObject(exec);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
