Bug 189855

Summary: JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, fpizlo, graouts, keith_miller, msaboff, realdawei, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 189558
Bug Blocks:
Attachments: proposed patch. (Flags: none)

Mark Lam
Reported 2018-09-21 13:35:15 PDT
Attachments
proposed patch. (5.62 KB, patch)
2018-09-21 13:45 PDT, Mark Lam
no flags
Mark Lam
Comment 1 2018-09-21 13:45:22 PDT
Created attachment 350418 proposed patch.
Mark Lam
Comment 2 2018-09-21 15:52:40 PDT
Comment on attachment 350418 proposed patch.
Thanks for the review. Landing now.
WebKit Commit Bot
Comment 3 2018-09-21 16:18:24 PDT
Comment on attachment 350418 proposed patch.
Clearing flags on attachment: 350418
Committed r236369: <https://trac.webkit.org/changeset/236369>
WebKit Commit Bot
Comment 4 2018-09-21 16:18:26 PDT
All reviewed patches have been landed. Closing bug.
Yusuke Suzuki
Comment 5 2018-09-22 04:58:01 PDT
Oops, thank you for fixing it!!!
Alexey Proskuryakov
Comment 6 2018-09-22 15:17:19 PDT
*** Bug 189830 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7 2018-09-22 15:20:05 PDT
Comment on attachment 350418 proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=350418&action=review
> Source/JavaScriptCore/ChangeLog:3
> + JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
What's the test coverage for this fix? Per Dawei's comment in bug 189558, Speedometer started to crash, but did regression tests crash too? It would be less than ideal if a performance test remained our only defense.