Patch coming.
Created attachment 295384 [details] proposed patch.
Comment on attachment 295384 [details] proposed patch. It is invalid to replace returning encodedJSValue() with returning { }. On 32-bit builds, the former is non-zero, while the latter is 0. Will fix this patch.
Created attachment 295427 [details] proposed patch.
Comment on attachment 295427 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=295427&action=review > Source/JavaScriptCore/runtime/ProxyObject.cpp:944 > bool targetIsExensible = target->isExtensible(exec); > + RETURN_IF_EXCEPTION(scope, void()); This seems like it could be easily testable through JS code by ensuring that getOwnPropertyNames below is not called if this throws an exception.
(In reply to comment #4) > Comment on attachment 295427 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=295427&action=review > > > Source/JavaScriptCore/runtime/ProxyObject.cpp:944 > > bool targetIsExensible = target->isExtensible(exec); > > + RETURN_IF_EXCEPTION(scope, void()); > > This seems like it could be easily testable through JS code by ensuring that > getOwnPropertyNames below is not called if this throws an exception. I thought this was easy too, but upon trying, I found that it is easy to replicate the condition of the unchecked exception, however, it is not easy to create a condition where the unchecked exception is detectable. This is because the exception will eventually get checked at many places before the VM gets back to any JS code that can observe the issue. Hence, I won't be able to write this test. I'll land this patch as is.
Thanks for the review. Landed in r209080: <http://trac.webkit.org/r209080>.