Add missing exception check in canonicalizeLocaleList
authorjustin_michaud@apple.com <justin_michaud@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Aug 2019 18:18:04 +0000 (18:18 +0000)
committerjustin_michaud@apple.com <justin_michaud@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Aug 2019 18:18:04 +0000 (18:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=201021

Reviewed by Mark Lam.

JSTests:

* stress/missing-exception-check-in-canonicalizeLocaleList.js: Added.
(catch):

Source/JavaScriptCore:

* runtime/IntlObject.cpp:
(JSC::canonicalizeLocaleList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249020 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/missing-exception-check-in-canonicalizeLocaleList.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/IntlObject.cpp

index e308c10..2c43851 100644 (file)
@@ -1,3 +1,13 @@
+2019-08-22  Justin Michaud  <justin_michaud@apple.com>
+
+        Add missing exception check in canonicalizeLocaleList
+        https://bugs.webkit.org/show_bug.cgi?id=201021
+
+        Reviewed by Mark Lam.
+
+        * stress/missing-exception-check-in-canonicalizeLocaleList.js: Added.
+        (catch):
+
 2019-08-21  Mark Lam  <mark.lam@apple.com>
 
         Wasm::FunctionParser is failing to enforce maxFunctionLocals.
diff --git a/JSTests/stress/missing-exception-check-in-canonicalizeLocaleList.js b/JSTests/stress/missing-exception-check-in-canonicalizeLocaleList.js
new file mode 100644 (file)
index 0000000..6dcc92c
--- /dev/null
@@ -0,0 +1,20 @@
+try {
+const s1 = (-1).toLocaleString().padEnd(2**31-1, 'aa');
+'a'.toLocaleLowerCase(s1);
+} catch (e) { exception = e }
+if (exception != "Error: Out of memory")
+    throw "FAILED";
+
+try {
+const s1 = (-1).toLocaleString().padEnd(2**31-1, 'aa');
+'a'.toLocaleUpperCase(s1);
+} catch (e) { exception2 = e }
+if (exception2 != "Error: Out of memory")
+    throw "FAILED";
+
+try {
+const s1 = (-1).toLocaleString().padEnd(2**31-1, 'aa');
+'a'.localeCompare('b', s1);
+} catch (e) { exception3 = e }
+if (exception3 != "Error: Out of memory")
+    throw "FAILED";
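Review bot: `exception`, `exception2` and `exception3` are never declared and are only assigned inside the `catch` blocks, so if one of these calls ever returns without throwing, the following `if` reads an undeclared name and the test stops with a ReferenceError rather than the intended `throw "FAILED"`. The assignments also create implicit globals in sloppy mode. Declaring each variable before its `try`, e.g. `let exception;`, makes the no-exception case reach the explicit failure. The check `exception != "Error: Out of memory"` relies on coercing the Error to a string; adding `exception instanceof Error` would pin the type as well as the message. Each case also builds a string of length `2**31-1`, so the test presumably needs a skip or bound on memory-limited test configurations.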
index 5adce80..aa83936 100644 (file)
@@ -1,3 +1,13 @@
+2019-08-22  Justin Michaud  <justin_michaud@apple.com>
+
+        Add missing exception check in canonicalizeLocaleList
+        https://bugs.webkit.org/show_bug.cgi?id=201021
+
+        Reviewed by Mark Lam.
+
+        * runtime/IntlObject.cpp:
+        (JSC::canonicalizeLocaleList):
+
 2019-08-17  Darin Adler  <darin@apple.com>
 
         Use makeString and multi-argument StringBuilder::append instead of less efficient multiple appends
index 8ccb7e0..be5aec0 100644 (file)
@@ -549,9 +549,12 @@ Vector<String> canonicalizeLocaleList(ExecState& state, JSValue locales)
             JSString* tag = kValue.toString(&state);
             RETURN_IF_EXCEPTION(scope, Vector<String>());
 
-            String canonicalizedTag = canonicalizeLanguageTag(tag->value(&state));
+            auto tagValue = tag->value(&state);
+            RETURN_IF_EXCEPTION(scope, Vector<String>());
+
+            String canonicalizedTag = canonicalizeLanguageTag(tagValue);
             if (canonicalizedTag.isNull()) {
-                throwException(&state, scope, createRangeError(&state, "invalid language tag: " + tag->value(&state)));
+                throwException(&state, scope, createRangeError(&state, "invalid language tag: " + tagValue));
                 return Vector<String>();
             }