WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 154340
StringPrototype functions should check for exceptions after calling JSString::value().
https://bugs.webkit.org/show_bug.cgi?id=154340
Summary
StringPrototype functions should check for exceptions after calling JSString:...
Mark Lam
Reported
2016-02-17 10:15:30 PST
JSString::value() can throw an exception if the JS string is a rope and value() needs to resolve the rope but encounters an OutOfMemory error. If value() is not able to resolve the rope, it will return a null string (in addition to throwing the exception). If StringPrototype functions do not check for exceptions after calling JSString::value(), they may eventually use the returned null string and crash the VM. The fix is to add all the necessary exception checks, and do the appropriate handling if needed.
Attachments
proposed patch.
(13.18 KB, patch)
2016-02-17 11:30 PST
,
Mark Lam
fpizlo
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Mark Lam
Comment 1
2016-02-17 10:16:39 PST
<
rdar://problem/24662137
>
Mark Lam
Comment 2
2016-02-17 11:30:32 PST
Created
attachment 271568
[details]
proposed patch.
Mark Lam
Comment 3
2016-02-17 14:04:51 PST
Thanks for the review. Landed in
r196721
: <
http://trac.webkit.org/r196721
>.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug