Bug 182631 - [Payment Request] Crash in PaymentRequest::canMakePayment() when Apple Pay payment method data is missing required fields
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified, OS: Unspecified
Importance: P2 Normal
Assignee: Andy Estes
Keywords: InRadar
Reported: 2018-02-08 17:01 PST by Andy Estes
Modified: 2018-02-09 11:09 PST

Attachments
Patch (6.85 KB, patch)
2018-02-08 17:15 PST, Andy Estes
Patch (6.84 KB, patch)
2018-02-09 09:59 PST, Andy Estes

Description Andy Estes 2018-02-08 17:01:14 PST
[Payment Request] Crash in PaymentRequest::canMakePayment() when Apple Pay payment method data is missing required fields
Comment 1 Andy Estes 2018-02-08 17:15:18 PST
Created attachment 333435 [details]
Patch
Comment 2 Mark Lam 2018-02-08 17:20:50 PST
Comment on attachment 333435 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333435&action=review

r=me with suggestions.

> Source/WebCore/ChangeLog:16
> +        release assertion is raised about there being an unexpected exception in the VM.

I suggest /being/seeing/.

> Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp:493
> +        auto scope = DECLARE_CATCH_SCOPE(document.execState()->vm());

Is there a reason to put the CatchScope in here instead of at the top of the function?  As a convention, the only time we should declare it in this local scope is if there are parts of this function outside of this scope that can throw exceptions.  Is that true?  If not, I suggest moving this declaration to the top of the function.
Comment 3 Andy Estes 2018-02-08 17:24:49 PST
(In reply to Mark Lam from comment #2)
> Comment on attachment 333435 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=333435&action=review
> 
> Is there a reason to put the CatchScope in here instead of at the top of the
> function?  As a convention, the only time we should declare it in this local
> scope is if there are parts of this function outside of this scope that can
> throw exceptions.  Is that true?  If not, I suggest moving this declaration
> to the top of the function.

I was just being conservative. I wasn't sure if it was ok to call clearException() more than once on the same CatchScope. Now that I look more closely, I see that clearException() just calls through to the VM, so this must be ok. I'll move the scope outside the loop.

Thanks for reviewing!
Comment 4 Andy Estes 2018-02-08 17:27:01 PST
(And no, nothing outside the loop throws)
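The pattern settled on in comments 2 through 4, written out as an added example that is not WebKit's code: the VM, CatchScope and Apple Pay data below are constructed stand-ins (the field names merchantIdentifier and supportedNetworks are assumed for illustration), showing a single CatchScope declared at the top of canMakePayment() with clearException() called on every loop iteration whose conversion throws, so a malformed entry is skipped instead of leaving an exception pending.

```cpp
#include <cstdlib>
#include <optional>
#include <string>
#include <vector>
// Constructed stand-in for JSC's VM: at most one pending exception at a time.
struct VM {
    std::optional<std::string> pendingException;
};

// Constructed stand-in for DECLARE_CATCH_SCOPE: an exception still pending at scope end is fatal.
class CatchScope {
public:
    explicit CatchScope(VM& vm) : m_vm(vm) { }
    ~CatchScope() { if (m_vm.pendingException) std::abort(); }
    bool hasException() const { return m_vm.pendingException.has_value(); }
    void clearException() { m_vm.pendingException.reset(); } // only resets the VM slot
private:
    VM& m_vm;
};

// Hypothetical Apple Pay method data, reduced to what the example needs.
struct ApplePayMethodData {
    std::string merchantIdentifier;             // assumed required; empty models "missing"
    std::vector<std::string> supportedNetworks; // assumed required; empty models "missing"
};

// Models converting the data from JS: a missing required field "throws" by
// leaving a TypeError pending in the VM, the way a JS binding would.
static void convertApplePayData(VM& vm, const ApplePayMethodData& data)
{
    if (data.merchantIdentifier.empty() || data.supportedNetworks.empty())
        vm.pendingException = "TypeError: missing required Apple Pay field";
}

// One CatchScope at the top of the function (nothing outside the loop throws);
// each iteration that threw clears the exception before moving on.
bool canMakePayment(VM& vm, const std::vector<ApplePayMethodData>& methods)
{
    CatchScope scope(vm);
    for (const auto& data : methods) {
        convertApplePayData(vm, data);
        if (scope.hasException()) {
            scope.clearException(); // safe to call on every iteration
            continue;               // skip the malformed entry instead of crashing
        }
        return true; // a well-formed entry: this method can make a payment
    }
    return false;
}
```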
Comment 5 Andy Estes 2018-02-09 09:59:23 PST
Created attachment 333497 [details]
Patch
Comment 6 WebKit Commit Bot 2018-02-09 11:07:34 PST
Comment on attachment 333497 [details]
Patch

Clearing flags on attachment: 333497

Committed r228331: <https://trac.webkit.org/changeset/228331>
Comment 7 WebKit Commit Bot 2018-02-09 11:07:35 PST
All reviewed patches have been landed.  Closing bug.
Comment 8 Radar WebKit Bug Importer 2018-02-09 11:09:33 PST
<rdar://problem/37398029>