Bug 268942

Summary: REGRESSION(273782@main): Missing exception check in commonCallDirectEval()
Product: WebKit
Reporter: Alexey Shvayka <ashvayka>
Component: JavaScriptCore
Assignee: Alexey Shvayka <ashvayka>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: All
OS: All
See Also: https://bugs.webkit.org/show_bug.cgi?id=268027

Alexey Shvayka
Reported 2024-02-07 13:25:15 PST
stress/regress-187074.js.default: This scope can throw a JS exception: eval @ ./interpreter/Interpreter.cpp:114
stress/regress-187074.js.default: (ExceptionScope::m_recursionDepth was 4)
stress/regress-187074.js.default: But the exception was unchecked as of this scope: setUpCall @ ./llint/LLIntSlowPaths.cpp:1957
stress/regress-187074.js.default: (ExceptionScope::m_recursionDepth was 4)
stress/regress-187074.js.default:
stress/regress-187074.js.default: Unchecked exception detected at:
stress/regress-187074.js.default: 1 0x10e5b5e48 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
stress/regress-187074.js.default: 2 0x10e59d918 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
stress/regress-187074.js.default: 3 0x10e5962d0 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
stress/regress-187074.js.default: 4 0x10df47dd8 JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue)
stress/regress-187074.js.default: 5 0x10df39720 JSC::LLInt::commonCallDirectEval(JSC::CallFrame*, JSC::BaseInstruction<JSC::JSOpcodeTraits> const*, JSC::MacroAssemblerCodeRef<(WTF::PtrTag)1427>)
stress/regress-187074.js.default: 6 0x10df394a4 llint_slow_path_call_direct_eval
stress/regress-187074.js.default: 7 0x10ed105c4 llint_function_for_construct_arity_checkTagGateAfter
Radar WebKit Bug Importer
Comment 1 2024-02-07 13:25:44 PST
Alexey Shvayka
Comment 2 2024-02-07 13:57:33 PST
EWS
Comment 3 2024-02-07 19:09:03 PST
Committed 274264@main (0bf37696c4bd): <https://commits.webkit.org/274264@main>
Reviewed commits have been landed. Closing PR #24032 and removing active labels.