Bug 165049

Summary: Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, ggaren, jfbastien, keith_miller, msaboff, saam, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 162351    
Attachments:
Description Flags
proposed patch. saam: review+

Mark Lam
Reported 2016-11-23 11:48:52 PST
Patch coming.
Attachments
proposed patch. (6.68 KB, patch)
2016-11-23 11:53 PST, Mark Lam 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-11-23 11:53:45 PST
Created attachment 295374 [details] proposed patch.
Saam Barati
Comment 2 2016-11-28 14:12:07 PST
Comment on attachment 295374 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review > Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103 > auto scope = DECLARE_THROW_SCOPE(vm); > JSValue thisValue = exec->argument(0); > + scope.release(); Why not just get rid of this exception scope?
Mark Lam
Comment 3 2016-11-28 15:04:45 PST
Comment on attachment 295374 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review >> Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103 >> + scope.release(); > > Why not just get rid of this exception scope? I can't do that. CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION() below uses the scope to throw a VMTypeError.
Mark Lam
Comment 4 2016-11-28 15:08:32 PST
Thanks for the review. Landed in r209027: <http://trac.webkit.org/r209027>.
Note You need to log in before you can comment on or make changes to this bug.