RESOLVED FIXED Bug 165012
Fix exception scope verification failures in GenericArgumentsInlines.h.
https://bugs.webkit.org/show_bug.cgi?id=165012
Mark Lam
Reported 2016-11-21 15:03:36 PST
Patch coming.
Attachments
proposed patch. (1.72 KB, patch)
2016-11-21 15:06 PST, Mark Lam
saam: review+
Patch for landing. (1.85 KB, patch)
2017-03-16 17:48 PDT, Mark Lam
no flags
Mark Lam
Comment 1 2016-11-21 15:06:36 PST
Created attachment 295315: proposed patch.
Saam Barati
Comment 2 2016-11-21 15:10:20 PST
Comment on attachment 295315: proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
> + RETURN_IF_EXCEPTION(scope, false);

I wonder if this should be an assertion instead of a return. Why would this fail?
Mark Lam
Comment 3 2017-03-16 17:38:44 PDT
Comment on attachment 295315: proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

>> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
>> + RETURN_IF_EXCEPTION(scope, false);
>
> I wonder if this should be an assertion instead of a return. Why would this fail?

I think you're right. As far as I can remember, the reason I added this check was because:

1. putDirectMayBeIndex() may call putDirectIndex() with mode PutDirectIndexLikePutDirect.
2. putDirectIndex() may call putDirectIndexBeyondVectorLength().
3. putDirectIndexBeyondVectorLength() may call putDirectIndexBeyondVectorLengthWithArrayStorage().
4. putDirectIndexBeyondVectorLengthWithArrayStorage() may throw if mode == PutDirectIndexShouldThrow.

So, in our case here, we wouldn't expect an exception because the PutDirectIndexMode is never PutDirectIndexShouldThrow.

I'll change this to an assert.
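Added example (not part of the thread and not JavaScriptCore code): a simplified model of the reasoning in comment 3, showing why a call that can only throw in PutDirectIndexShouldThrow mode still needs an explicit check or assert at the call site. The `VM` and `ThrowScope` shapes, `nextOperation()`, and the verifier rule (a failure is recorded when a new scope opens while an earlier may-throw call is still unchecked) are assumptions made for illustration; the four-step call chain is collapsed into one function.

```cpp
#include <cassert>
// Simplified model of exception-check verification; not JavaScriptCore's code.
enum PutDirectIndexMode { PutDirectIndexLikePutDirect, PutDirectIndexShouldThrow };

struct VM {
    bool exception = false;  // an exception is pending
    bool needCheck = false;  // a may-throw callee returned and nobody has checked yet
    int failures = 0;        // verification failures recorded
};

class ThrowScope {
public:
    explicit ThrowScope(VM& vm) : m_vm(vm) { if (m_vm.needCheck) ++m_vm.failures; }
    ~ThrowScope() { m_vm.needCheck = true; }  // our caller must now check
    void throwError() { m_vm.exception = true; }
    bool exception() { m_vm.needCheck = false; return m_vm.exception; }
private:
    VM& m_vm;
};

// Stands in for the chain from comment 3: throws only in ShouldThrow mode.
bool putDirectIndex(VM& vm, PutDirectIndexMode mode) {
    ThrowScope scope(vm);
    if (mode == PutDirectIndexShouldThrow) { scope.throwError(); return false; }
    return true;
}
bool putDirectMayBeIndex(VM& vm) { return putDirectIndex(vm, PutDirectIndexLikePutDirect); }

// Hypothetical follow-up operation that also opens a scope.
void nextOperation(VM& vm) { ThrowScope scope(vm); }

int runUnchecked() {  // caller neither checks nor asserts
    VM vm;
    { ThrowScope scope(vm); putDirectMayBeIndex(vm); nextOperation(vm); }
    return vm.failures;
}

int runWithAssert() {  // the form the thread settles on
    VM vm;
    {
        ThrowScope scope(vm);
        putDirectMayBeIndex(vm);
        bool threw = scope.exception();  // satisfies the verifier
        assert(!threw); (void)threw;     // documents that no exception is expected here
        nextOperation(vm);
    }
    return vm.failures;
}
bool throwsInShouldThrowMode() { VM vm; putDirectIndex(vm, PutDirectIndexShouldThrow); return vm.exception; }
```

In this model both an early return and an assert clear the pending check; the assert additionally records that the path is expected to be exception-free because the mode is never PutDirectIndexShouldThrow.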
Mark Lam
Comment 4 2017-03-16 17:48:24 PDT
Created attachment 304729: Patch for landing.
Mark Lam
Comment 5 2017-03-16 17:51:45 PDT
Thanks for the review. Landed in r214085: <http://trac.webkit.org/r214085>.