Bug 165049 - Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
Summary: Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks: 162351
Reported: 2016-11-23 11:48 PST by Mark Lam
Modified: 2016-11-28 15:08 PST

Attachments
proposed patch. (6.68 KB, patch)
2016-11-23 11:53 PST, Mark Lam
sbarati: review+

Description Mark Lam 2016-11-23 11:48:52 PST
Patch coming.
Comment 1 Mark Lam 2016-11-23 11:53:45 PST
Created attachment 295374
proposed patch.
Comment 2 Saam Barati 2016-11-28 14:12:07 PST
Comment on attachment 295374
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review

> Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103
>      auto scope = DECLARE_THROW_SCOPE(vm);
>      JSValue thisValue = exec->argument(0);
> +    scope.release();
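
Review bot: At line 103, `scope.release()` is called immediately after `exec->argument(0)` with no comment explaining why the throw scope is released here rather than dropped altogether. Nothing in these three lines throws, so the reason for keeping `scope` is not visible from the hunk; add a one-line comment naming the later use of `scope` that requires it to stay declared, so the release does not read as dead code.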

Why not just get rid of this exception scope?
Comment 3 Mark Lam 2016-11-28 15:04:45 PST
Comment on attachment 295374
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295374&action=review

>> Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp:103
>> +    scope.release();
> 
> Why not just get rid of this exception scope?

I can't do that.  CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION() below uses the scope to throw a VMTypeError.
Comment 4 Mark Lam 2016-11-28 15:08:32 PST
Thanks for the review.  Landed in r209027: <http://trac.webkit.org/r209027>.