Bug 165049

Summary: Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED
Severity: Normal
CC: fpizlo, ggaren, jfbastien, keith_miller, msaboff, saam, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 162351    
Attachments:
Description Flags
proposed patch. saam: review+

Description Mark Lam 2016-11-23 11:48:52 PST
Patch coming.
Comment 1 Mark Lam 2016-11-23 11:53:45 PST
Created attachment 295374 [details]
proposed patch.
Comment 2 Saam Barati 2016-11-28 14:12:07 PST
Comment on attachment 295374 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review

> Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103
>      auto scope = DECLARE_THROW_SCOPE(vm);
>      JSValue thisValue = exec->argument(0);
> +    scope.release();
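
Review bot: at JSTypedArrayViewPrototype.cpp:103 the added scope.release() directly follows the DECLARE_THROW_SCOPE(vm) declaration and the exec->argument(0) read, so from these lines alone the throw scope looks unused. Consider a one-line comment above the release naming the later code that still throws through this scope, so the scope is not mistaken for dead code and removed in a later cleanup.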

Why not just get rid of this exception scope?
Comment 3 Mark Lam 2016-11-28 15:04:45 PST
Comment on attachment 295374 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review

>> Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103
>> +    scope.release();
> 
> Why not just get rid of this exception scope?

I can't do that.  CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION() below uses the scope to throw a VMTypeError.
Comment 4 Mark Lam 2016-11-28 15:08:32 PST
Thanks for the review.  Landed in r209027: <http://trac.webkit.org/r209027>.