Bug 70360 - Array.prototype methods missing exception checks
Summary: Array.prototype methods missing exception checks
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-18 13:52 PDT by Gavin Barraclough
Modified: 2011-10-18 14:57 PDT (History)
0 users

See Also:

Attachments
Fix (17.25 KB, patch)
2011-10-18 13:54 PDT, Gavin Barraclough 		ggaren: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gavin Barraclough 2011-10-18 13:52:15 PDT 
Missing exception checks after calls to the static getProperty helper, these may result in the wrong exception being thrown (or an ASSERT being hit, as is currently the case running test-262).
Comment 1 Gavin Barraclough 2011-10-18 13:54:24 PDT 
Created attachment 111497 [details]
Fix
Comment 2 Geoffrey Garen 2011-10-18 13:58:38 PDT 
Comment on attachment 111497 [details]
Fix

Seems like you could remove a bunch of code at call sites if you folded the exception check into the getProperty helper function.
Comment 3 Gavin Barraclough 2011-10-18 14:50:35 PDT 
I think having the helper actually hinders us here - since we need to force a return.  The obvious thing would be to make the helper return JSValue() if there is an exception, but it already uses this value to indicate property-not-present.

The best solution is likely to restructure the code to remove the helper, and make PropertySlot::getValue return JSValue() if an exception is thrown from a getter - but this is likely a bigger change, so I'm going to grab your r+ & run, and leave this refactoring for later!
Comment 4 Gavin Barraclough 2011-10-18 14:57:06 PDT 
Fixed in r97791