RESOLVED FIXED 70360
Array.prototype methods missing exception checks 
https://bugs.webkit.org/show_bug.cgi?id=70360
Summary Array.prototype methods missing exception checks
Gavin Barraclough
Reported 2011-10-18 13:52:15 PDT
Missing exception checks after calls to the static getProperty helper, these may result in the wrong exception being thrown (or an ASSERT being hit, as is currently the case running test-262).
Attachments
Fix (17.25 KB, patch)
2011-10-18 13:54 PDT, Gavin Barraclough 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2011-10-18 13:54:24 PDT
Created attachment 111497 [details] Fix
Geoffrey Garen
Comment 2 2011-10-18 13:58:38 PDT
Comment on attachment 111497 [details] Fix Seems like you could remove a bunch of code at call sites if you folded the exception check into the getProperty helper function.
Gavin Barraclough
Comment 3 2011-10-18 14:50:35 PDT
I think having the helper actually hinders us here - since we need to force a return. The obvious thing would be to make the helper return JSValue() if there is an exception, but it already uses this value to indicate property-not-present. The best solution is likely to restructure the code to remove the helper, and make PropertySlot::getValue return JSValue() if an exception is thrown from a getter - but this is likely a bigger change, so I'm going to grab your r+ & run, and leave this refactoring for later!
Gavin Barraclough
Comment 4 2011-10-18 14:57:06 PDT
Fixed in r97791
Note You need to log in before you can comment on or make changes to this bug.