Fix exception check accounting in constructJSWebAssemblyCompileError().
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 31 Aug 2018 17:12:32 +0000 (17:12 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 31 Aug 2018 17:12:32 +0000 (17:12 +0000)
https://bugs.webkit.org/show_bug.cgi?id=189185
<rdar://problem/39786007>

Reviewed by Michael Saboff.

JSTests:

* stress/regress-189185.js: Added.
(new.WebAssembly.CompileError.valueOf):

Source/JavaScriptCore:

Also add an exception check in JSWebAssemblyModule::createStub() so that we don't
inadvertently overwrite a pre-existing exception (if present).

* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::createStub):
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
(JSC::constructJSWebAssemblyCompileError):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/regress-189185.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp

index d81ab87..613d700 100644 (file)
@@ -1,5 +1,16 @@
 2018-08-31  Mark Lam  <mark.lam@apple.com>
 
+        Fix exception check accounting in constructJSWebAssemblyCompileError().
+        https://bugs.webkit.org/show_bug.cgi?id=189185
+        <rdar://problem/39786007>
+
+        Reviewed by Michael Saboff.
+
+        * stress/regress-189185.js: Added.
+        (new.WebAssembly.CompileError.valueOf):
+
+2018-08-31  Mark Lam  <mark.lam@apple.com>
+
         Fix exception check accounting in JSDataView::defineOwnProperty().
         https://bugs.webkit.org/show_bug.cgi?id=189186
         <rdar://problem/39786049>
diff --git a/JSTests/stress/regress-189185.js b/JSTests/stress/regress-189185.js
new file mode 100644 (file)
index 0000000..d67f9d4
--- /dev/null
@@ -0,0 +1,7 @@
+//@ runDefault
+// This passes if it does not crash.
+new WebAssembly.CompileError({
+    valueOf() {
+        throw new Error();
+    }
+});
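Review bot: The test pins nothing beyond "does not crash": it never checks whether the constructor throws or what message the resulting error carries, so a later change that swallows the exception would still pass. String conversion of an object normally consults `toString` before `valueOf`, so it is not certain from this file that the `throw new Error()` in `valueOf` is reached at all. If the intent is to cover the throwing path, consider also defining `toString() { throw new Error(); }` on the argument and wrapping the `new` in a `try`/`catch` that records whether the exception propagated. The `createStub()` change in the same commit has no test here.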
index 6a4e301..4d5e2e3 100644 (file)
@@ -1,5 +1,21 @@
 2018-08-31  Mark Lam  <mark.lam@apple.com>
 
+        Fix exception check accounting in constructJSWebAssemblyCompileError().
+        https://bugs.webkit.org/show_bug.cgi?id=189185
+        <rdar://problem/39786007>
+
+        Reviewed by Michael Saboff.
+
+        Also add an exception check in JSWebAssemblyModule::createStub() so that we don't
+        inadvertently overwrite a pre-existing exception (if present).
+
+        * wasm/js/JSWebAssemblyModule.cpp:
+        (JSC::JSWebAssemblyModule::createStub):
+        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
+        (JSC::constructJSWebAssemblyCompileError):
+
+2018-08-31  Mark Lam  <mark.lam@apple.com>
+
         Gardening: ARMv7 build fix.
         https://bugs.webkit.org/show_bug.cgi?id=158911
 
index aebce0c..365bc70 100644 (file)
@@ -48,7 +48,9 @@ JSWebAssemblyModule* JSWebAssemblyModule::createStub(VM& vm, ExecState* exec, St
 {
     auto scope = DECLARE_THROW_SCOPE(vm);
     if (!result.has_value()) {
-        throwException(exec, scope, JSWebAssemblyCompileError::create(exec, vm, structure->globalObject()->WebAssemblyCompileErrorStructure(), result.error()));
+        auto* error = JSWebAssemblyCompileError::create(exec, vm, structure->globalObject()->WebAssemblyCompileErrorStructure(), result.error());
+        RETURN_IF_EXCEPTION(scope, nullptr);
+        throwException(exec, scope, error);
         return nullptr;
     }
 
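Review bot: The new `RETURN_IF_EXCEPTION(scope, nullptr);` has no comment saying why `JSWebAssemblyCompileError::create()` is treated as a throw point, and that reason is only recorded in the ChangeLog. A short why-comment above it would keep the check from being folded back into a one-liner later, for example `// create() can throw; do not overwrite a pending exception with the CompileError.` The ordering is the point here, because `throwException()` on a scope that already holds an exception would replace the original error that a caller or debugger needs to see. The body of `createStub()` continues past the end of this hunk, so the success path was not reviewed.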
index 46c5675..9f5cb65 100644 (file)
@@ -51,6 +51,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyCompileError(ExecState
     JSValue message = exec->argument(0);
     auto* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<InternalFunction*>(exec->jsCallee())->globalObject(vm)->WebAssemblyCompileErrorStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    scope.release();
     return JSValue::encode(JSWebAssemblyCompileError::create(exec, vm, structure, message));
 }
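Review bot: `scope.release();` hands the exception check for the following `create()` call to the caller, but nothing at the call site says so. Since `message` comes straight from `exec->argument(0)`, converting it inside `create()` can presumably run script-supplied code and throw, which is the case the regression test targets. A one-line comment would make that contract explicit, for example `// create() may throw while converting message; the host-call caller checks for the exception.` The function starts above this hunk, so the scope declaration and earlier checks are not visible here.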