Fix exception scope verification failures in GenericArgumentsInlines.h.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Mar 2017 00:51:01 +0000 (00:51 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Mar 2017 00:51:01 +0000 (00:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=165012

Reviewed by Saam Barati.

* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::defineOwnProperty):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@214085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/GenericArgumentsInlines.h

index e86735e..bcdcc82 100644 (file)
@@ -1,3 +1,13 @@
+2017-03-16  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception scope verification failures in GenericArgumentsInlines.h.
+        https://bugs.webkit.org/show_bug.cgi?id=165012
+
+        Reviewed by Saam Barati.
+
+        * runtime/GenericArgumentsInlines.h:
+        (JSC::GenericArguments<Type>::defineOwnProperty):
+
 2017-03-16  Simon Fraser  <simon.fraser@apple.com>
 
         Improve the system tracing points
index e9ec01f..0c33bbb 100644 (file)
@@ -200,6 +200,7 @@ bool GenericArguments<Type>::defineOwnProperty(JSObject* object, ExecState* exec
 {
     Type* thisObject = jsCast<Type*>(object);
     VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
     
     if (ident == vm.propertyNames->length
         || ident == vm.propertyNames->callee
@@ -226,7 +227,8 @@ bool GenericArguments<Type>::defineOwnProperty(JSObject* object, ExecState* exec
                     JSValue value = thisObject->getIndexQuickly(index);
                     ASSERT(value);
                     object->putDirectMayBeIndex(exec, ident, value);
-                    
+                    ASSERT(!scope.exception());
+
                     thisObject->setModifiedArgumentDescriptor(vm, index);
                 }
             }
@@ -250,6 +252,7 @@ bool GenericArguments<Type>::defineOwnProperty(JSObject* object, ExecState* exec
     }
 
     // Now just let the normal object machinery do its thing.
+    scope.release();
     return Base::defineOwnProperty(object, exec, ident, descriptor, shouldThrow);
 }