JSC::createError needs to check for OOM in errorDescriptionForValue
authortzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:12:12 +0000 (22:12 +0000)
committertzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:12:12 +0000 (22:12 +0000)
commit118f9831677f7d40a483dffeb6791f1ffb58b8c5
treedffe95ce892cb3aa9751ff698b6c9c981fa35b23
parent696d77c6a691207154eacdf509e19e4a9c4a587b
JSC::createError needs to check for OOM in errorDescriptionForValue
https://bugs.webkit.org/show_bug.cgi?id=196032
<rdar://problem/46842740>

Reviewed by Mark Lam.

JSTests:

* stress/create-error-out-of-memory-rope-string.js: Added.

Source/JavaScriptCore:

We were missing exceptions checks at two levels:
- In errorDescriptionForValue, when the value is a string, we should
  check that JSString::value returns a valid string, since we might run
  out of memory if it is a rope and we need to resolve it.
- In createError, we should check for the result of errorDescriptionForValue
  before concatenating it with the message provided by the caller.

* runtime/ExceptionHelpers.cpp:
(JSC::errorDescriptionForValue):
(JSC::createError):
* runtime/ExceptionHelpers.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243246 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/create-error-out-of-memory-rope-string.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
Source/JavaScriptCore/runtime/ExceptionHelpers.h