Add missing exception check.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 18 May 2018 21:46:13 +0000 (21:46 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 18 May 2018 21:46:13 +0000 (21:46 +0000)
https://bugs.webkit.org/show_bug.cgi?id=185786
<rdar://problem/35686560>

Reviewed by Michael Saboff.

JSTests:

* stress/regress-185786.js: Added.

Source/JavaScriptCore:

* runtime/JSPropertyNameEnumerator.h:
(JSC::propertyNameEnumerator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231983 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/regress-185786.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.h

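--- a/JSTests/ChangeLog
+++ b/JSTests/ChangeLog
@@ -1,3 +1,13 @@
+2018-05-18  Mark Lam  <mark.lam@apple.com>
+
+        Add missing exception check.
+        https://bugs.webkit.org/show_bug.cgi?id=185786
+        <rdar://problem/35686560>
+
+        Reviewed by Michael Saboff.
+
+        * stress/regress-185786.js: Added.
+
 2018-05-16  Filip Pizlo  <fpizlo@apple.com>
 
         JSC should have InstanceOf inline caching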
diff --git a/JSTests/stress/regress-185786.js b/JSTests/stress/regress-185786.js
new file mode 100644 (file)
index 0000000..f822e28
--- /dev/null
@@ -0,0 +1,22 @@
+function foo() {
+    return new Proxy({},
+        new Proxy({}, {
+            get: function () {
+                throw "expected exception";
+            }
+        })
+    ); 
+}
+
+var a = foo();
+var b = Object.create(a);
+
+var exception;
+try {
+    for (var v in b) { }
+} catch (e) {
+    exception = e;
+}
+
+if (exception != "expected exception")
+    throw "FAIL";
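Review bot: The final check throws a bare `"FAIL"`, so a run where `for-in` raised some other exception looks the same in the log as a run where nothing was thrown at all. Including the observed value would make a regression easier to triage: `throw "FAIL: expected 'expected exception', got " + exception;`. A one-line comment at the top saying that the throwing `get` trap is apparently reached while property names are collected through the Proxy prototype of `b` would also tell a reader what the test is guarding.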
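--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,14 @@
+2018-05-18  Mark Lam  <mark.lam@apple.com>
+
+        Add missing exception check.
+        https://bugs.webkit.org/show_bug.cgi?id=185786
+        <rdar://problem/35686560>
+
+        Reviewed by Michael Saboff.
+
+        * runtime/JSPropertyNameEnumerator.h:
+        (JSC::propertyNameEnumerator):
+
 2018-05-18  Jer Noble  <jer.noble@apple.com>
 
         Complete fix for enabling modern EME by default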
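--- a/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.h
+++ b/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.h
@@ -122,14 +122,13 @@ inline JSPropertyNameEnumerator* propertyNameEnumerator(ExecState* exec, JSObjec
         numberStructureProperties = propertyNames.size();
 
         base->methodTable(vm)->getGenericPropertyNames(base, exec, propertyNames, EnumerationMode());
-        scope.assertNoException();
     } else {
         // Generic property names vector contains all indexed property names.
         // So disable indexed property enumeration phase by setting |indexedLength| to 0.
         indexedLength = 0;
         base->methodTable(vm)->getPropertyNames(base, exec, propertyNames, EnumerationMode());
-        RETURN_IF_EXCEPTION(scope, nullptr);
     }
+    RETURN_IF_EXCEPTION(scope, nullptr);
 
     ASSERT(propertyNames.size() < UINT32_MAX);
 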
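Review bot: The consolidated `RETURN_IF_EXCEPTION(scope, nullptr);` after the if/else has no comment saying why the first branch needs it, while the removed `scope.assertNoException();` encoded the opposite assumption about `getGenericPropertyNames`. The regression test in this commit shows a Proxy in the prototype chain throwing during `for-in`, so name collection can run script and throw; in builds where the assertion is compiled out, the old code would presumably have gone on to build an enumerator from a partly filled `propertyNames` with the exception still pending. I would add above the check: `// Both branches can call into script (e.g. Proxy traps) while collecting names; bail out before building the enumerator.` The function begins and ends outside this hunk, so the earlier calls in the first branch and the callers' handling of the `nullptr` return are not visible here and deserve the same look.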