Make JSValue::strictEqual() handle failures to resolve JSRopeStrings.
https://bugs.webkit.org/show_bug.cgi?id=160832
<rdar://problem/27577556>

Reviewed by Geoffrey Garen.

Currently, JSValue::strictEqualSlowCaseInline() (and peers) will blindly try to
access the StringImpl of a JSRopeString that fails to resolve its rope. As a
result, we'll crash with null pointer dereferences.

We can fix this by introducing a JSString::equal() method that will do the
equality comparison, but is aware of the potential failures to resolve ropes.
JSValue::strictEqualSlowCaseInline() (and peers) will now call JSString::equal()
instead of accessing the underlying StringImpl directly.

Also added some exception checks.

* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/JITOperations.cpp:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
* runtime/JSString.cpp:
(JSC::JSString::equalSlowCase):
* runtime/JSString.h:
* runtime/JSStringInlines.h: Added.
(JSC::JSString::equal):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@204485 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/JSString.cpp b/Source/JavaScriptCore/runtime/JSString.cpp
index 4f60374..7537d50 100644
--- a/Source/JavaScriptCore/runtime/JSString.cpp
+++ b/Source/JavaScriptCore/runtime/JSString.cpp
@@ -72,6 +72,15 @@
out.printf(">");
}
+bool JSString::equalSlowCase(ExecState* exec, JSString* other) const
+{
+ String str1 = value(exec);
+ String str2 = other->value(exec);
+ if (exec->hadException())
+ return false;
+ return WTF::equal(*str1.impl(), *str2.impl());
+}
+
size_t JSString::estimatedSize(JSCell* cell)
{
JSString* thisObject = jsCast<JSString*>(cell);
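
Review bot: in JSString::equalSlowCase(), the single exec->hadException() check is the only thing standing between a failed rope resolution and the dereferences in WTF::equal(*str1.impl(), *str2.impl()), so the null-pointer fix holds only if every failed value(exec) call also leaves an exception pending. Consider making that assumption explicit, for example by asserting that str1.impl() and str2.impl() are non-null after the check, or by returning false when either is null. The check also comes after both resolves, so other->value(exec) still runs when the first value(exec) has already failed; testing hadException() right after str1 is resolved would avoid that extra work on the error path. Finally, the false returned on the exception path is indistinguishable from a genuine "not equal" result, so a short comment on the function stating that callers must check for a pending exception before trusting the result would help anyone adding a new call site.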