Fix exception scope verification failures in DateConstructor.cpp and DatePrototype...
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Nov 2016 01:31:20 +0000 (01:31 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Nov 2016 01:31:20 +0000 (01:31 +0000)
https://bugs.webkit.org/show_bug.cgi?id=164995

Reviewed by Darin Adler.

* runtime/DateConstructor.cpp:
(JSC::millisecondsFromComponents):
(JSC::constructDate):
* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToPrimitiveSymbol):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@208935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/DateConstructor.cpp
Source/JavaScriptCore/runtime/DatePrototype.cpp

index 19bd80dbd882b8408ae8e82da6180878e8a6c434..4a2f734c7a4404d4200cdde59db0d800bfd5c4e4 100644 (file)
@@ -1,3 +1,16 @@
+2016-11-20  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception scope verification failures in DateConstructor.cpp and DatePrototype.cpp.
+        https://bugs.webkit.org/show_bug.cgi?id=164995
+
+        Reviewed by Darin Adler.
+
+        * runtime/DateConstructor.cpp:
+        (JSC::millisecondsFromComponents):
+        (JSC::constructDate):
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToPrimitiveSymbol):
+
 2016-11-20  Caitlin Potter  <caitp@igalia.com>
 
         [JSC] speed up parsing of async functions
index a4f3f8461580ebea37f5d1154cd7f86ac068ceeb..18e0e8c838984475c49d16ce60e228523630db49 100644 (file)
@@ -109,15 +109,14 @@ void DateConstructor::finishCreation(VM& vm, DatePrototype* datePrototype)
 
 static double millisecondsFromComponents(ExecState* exec, const ArgList& args, WTF::TimeType timeType)
 {
-    double doubleArguments[] = {
-        args.at(0).toNumber(exec), 
-        args.at(1).toNumber(exec), 
-        args.at(2).toNumber(exec), 
-        args.at(3).toNumber(exec), 
-        args.at(4).toNumber(exec), 
-        args.at(5).toNumber(exec), 
-        args.at(6).toNumber(exec)
-    };
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    double doubleArguments[7];
+    for (int i = 0; i < 7; i++) {
+        doubleArguments[i] = args.at(i).toNumber(exec);
+        RETURN_IF_EXCEPTION(scope, 0);
+    }
 
     int numArgs = args.size();
 
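Review bot: The early exit `RETURN_IF_EXCEPTION(scope, 0)` in the new loop returns 0, which is also a legitimate millisecond value (the epoch), so the return value alone cannot tell a caller that a `toNumber()` call threw. The constructDate caller is covered by the `RETURN_IF_EXCEPTION(scope, nullptr)` this commit adds after the call, but any other caller of this static helper is outside the diff and presumably needs the same check. I would document the contract above the function, e.g. `// Returns 0 with an exception pending if any toNumber() throws; callers must check for an exception before using the result.` The literal `7` now sizes the array and bounds the loop, and it appears again in the later `numArgs >= 7` test, so a named constant would keep the three in step. The function body continues past the end of this hunk.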
@@ -140,7 +139,7 @@ static double millisecondsFromComponents(ExecState* exec, const ArgList& args, W
     t.setSecond(JSC::toInt32(doubleArguments[5]));
     t.setIsDST(-1);
     double ms = (numArgs >= 7) ? doubleArguments[6] : 0;
-    return gregorianDateTimeToMS(exec->vm(), t, ms, timeType);
+    return gregorianDateTimeToMS(vm, t, ms, timeType);
 }
 
 // ECMA 15.9.3
@@ -159,6 +158,7 @@ JSObject* constructDate(ExecState* exec, JSGlobalObject* globalObject, JSValue n
             value = asDateInstance(args.at(0))->internalNumber();
         else {
             JSValue primitive = args.at(0).toPrimitive(exec);
+            RETURN_IF_EXCEPTION(scope, nullptr);
             if (primitive.isString())
                 value = parseDate(vm, primitive.getString(exec));
             else
@@ -166,6 +166,7 @@ JSObject* constructDate(ExecState* exec, JSGlobalObject* globalObject, JSValue n
         }
     } else
         value = millisecondsFromComponents(exec, args, WTF::LocalTime);
+    RETURN_IF_EXCEPTION(scope, nullptr);
 
     Structure* dateStructure = InternalFunction::createSubclassStructure(exec, newTarget, globalObject->dateStructure());
     RETURN_IF_EXCEPTION(scope, nullptr);
index 24e4091e5ff08f6fbef9e2d92a32585e16a26970..78886db97f2e4d090a6ed89b5beacb02090e6ee5 100644 (file)
@@ -620,6 +620,7 @@ EncodedJSValue JSC_HOST_CALL dateProtoFuncToPrimitiveSymbol(ExecState* exec)
     if (type == NoPreference)
         type = PreferString;
 
+    scope.release();
     return JSValue::encode(thisObject->ordinaryToPrimitive(exec, type));
 }
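Review bot: The added `scope.release()` before the final return has no comment explaining why the scope is released here rather than checked after the call. The other sites in this commit use `RETURN_IF_EXCEPTION`, so the reason for the difference is worth stating. As far as the hunk shows, `ordinaryToPrimitive(exec, type)` is the last call and its result is returned directly, so the exception check is presumably left to whoever invoked this host function. A one-line comment would record that intent, e.g. `// ordinaryToPrimitive() may throw; release the scope so our caller performs the exception check.` The declaration of `scope` and the start of the function are outside the hunk.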