| Summary: | [JSC] Fix invalid exception checks after recent ErrorInstance changes | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Ross Kirsling <ross.kirsling> | ||||||
| Component: | New Bugs | Assignee: | Ross Kirsling <ross.kirsling> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | ashvayka, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
Ross Kirsling
2021-05-08 16:33:44 PDT
Created attachment 428096 [details]
Patch
Comment on attachment 428096 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=428096&action=review Fancy! r=me with nits. > Source/JavaScriptCore/runtime/JSObjectInlines.h:201 > + EXCEPTION_ASSERT(!scope.exception() || !hasProperty); Please consider exception check in JSObject::get(): https://github.com/WebKit/WebKit/blob/f418737fae10f605d08e4de1a2ea0f37d977b28f/Source/JavaScriptCore/runtime/JSObject.h#L1500. I wonder if we need to handle termination exception as well, since HasProperty can be implemented by userland code? > Source/JavaScriptCore/runtime/JSObjectInlines.h:204 > + scope.release(); > Source/JavaScriptCore/runtime/JSObjectInlines.h:206 > + RELEASE_AND_RETURN(scope, get(globalObject, propertyName)); return get(globalObject, propertyName); > Source/JavaScriptCore/runtime/JSObjectInlines.h:208 > + RELEASE_AND_RETURN(scope, slot.getValue(globalObject, propertyName)); return slot.getValue(globalObject, propertyName); Created attachment 428106 [details]
Patch for landing
Committed r277238 (237507@main): <https://commits.webkit.org/237507@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 428106 [details]. |