Google Git
Sign in
webkit / WebKit / 2a0aecef68e2ca0674a52b051412def7e6b01404^! / .
commit2a0aecef68e2ca0674a52b051412def7e6b01404[log] [tgz]
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Jan 15 00:44:17 2022 +0000
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Jan 15 00:44:17 2022 +0000
treed86110894f88d8d7b7c24543e6e1f7721ad05afd
parent41e20887218fad4849acd4fe760875560cd41b1e [diff]
JSStringJoiner's constructor should take a size_t length.
https://bugs.webkit.org/show_bug.cgi?id=235217
rdar://87538657

Reviewed by Yusuke Suzuki.

JSTests:

* stress/max-typed-array-length-toString.js: Added.

Source/JavaScriptCore:

Also removed an unnecessary exception check in JSStringJoiner::append().
This is because appendWithoutSideEffects() cannot throw any exceptions.

* runtime/JSStringJoiner.h:
(JSC::JSStringJoiner::JSStringJoiner):
(JSC::JSStringJoiner::append):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@288037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog
index 2c0c502..ec70c1c 100644
--- a/JSTests/ChangeLog
+++ b/JSTests/ChangeLog

@@ -1,3 +1,13 @@
+2022-01-14  Mark Lam  <mark.lam@apple.com>
+
+        JSStringJoiner's constructor should take a size_t length.
+        https://bugs.webkit.org/show_bug.cgi?id=235217
+        rdar://87538657
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/max-typed-array-length-toString.js: Added.
+
 2022-01-14  Alexey Shvayka  <ashvayka@apple.com>
 
         JSArray::fastSlice() should not convert the source from CoW

diff --git a/JSTests/stress/max-typed-array-length-toString.js b/JSTests/stress/max-typed-array-length-toString.js
new file mode 100644
index 0000000..0b15e6f
--- /dev/null
+++ b/JSTests/stress/max-typed-array-length-toString.js

@@ -0,0 +1,14 @@
+//@ skip if $architecture != "arm64" && $architecture != "x86-64"
+
+var exception;
+try {
+    var memory = new WebAssembly.Memory({
+        initial: 65536
+    });
+    new Uint8Array(memory.buffer).toString();
+} catch (e) {
+    exception = e;
+}
+
+if (exception != "RangeError: Out of memory")
+    throw "FAILED: " + exception;

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index d1e7f26..6f96d4e 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog

@@ -1,3 +1,18 @@
+2022-01-14  Mark Lam  <mark.lam@apple.com>
+
+        JSStringJoiner's constructor should take a size_t length.
+        https://bugs.webkit.org/show_bug.cgi?id=235217
+        rdar://87538657
+
+        Reviewed by Yusuke Suzuki.
+
+        Also removed an unnecessary exception check in JSStringJoiner::append().
+        This is because appendWithoutSideEffects() cannot throw any exceptions.
+
+        * runtime/JSStringJoiner.h:
+        (JSC::JSStringJoiner::JSStringJoiner):
+        (JSC::JSStringJoiner::append):
+
 2022-01-14  Alexey Shvayka  <ashvayka@apple.com>
 
         JSArray::fastSlice() should not convert the source from CoW

diff --git a/Source/JavaScriptCore/runtime/JSStringJoiner.h b/Source/JavaScriptCore/runtime/JSStringJoiner.h
index 74e8892..6a72692 100644
--- a/Source/JavaScriptCore/runtime/JSStringJoiner.h
+++ b/Source/JavaScriptCore/runtime/JSStringJoiner.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,8 +33,8 @@
 
 class JSStringJoiner {
 public:
-    JSStringJoiner(JSGlobalObject*, LChar separator, unsigned stringCount);
-    JSStringJoiner(JSGlobalObject*, StringView separator, unsigned stringCount);
+    JSStringJoiner(JSGlobalObject*, LChar separator, size_t stringCount);
+    JSStringJoiner(JSGlobalObject*, StringView separator, size_t stringCount);
     ~JSStringJoiner();
 
     void append(JSGlobalObject*, JSValue);
@@ -57,7 +57,7 @@
     bool m_isAll8Bit { true };
 };
 
-inline JSStringJoiner::JSStringJoiner(JSGlobalObject* globalObject, StringView separator, unsigned stringCount)
+inline JSStringJoiner::JSStringJoiner(JSGlobalObject* globalObject, StringView separator, size_t stringCount)
     : m_separator(separator)
     , m_isAll8Bit(m_separator.is8Bit())
 {
@@ -67,7 +67,7 @@
         throwOutOfMemoryError(globalObject, scope);
 }
 
-inline JSStringJoiner::JSStringJoiner(JSGlobalObject* globalObject, LChar separator, unsigned stringCount)
+inline JSStringJoiner::JSStringJoiner(JSGlobalObject* globalObject, LChar separator, size_t stringCount)
     : m_singleCharacterSeparator(separator)
     , m_separator { &m_singleCharacterSeparator, 1 }
 {
@@ -152,7 +152,6 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
 
     bool success = appendWithoutSideEffects(globalObject, value);
-    RETURN_IF_EXCEPTION(scope, void());
     if (!success) {
         JSString* jsString = value.toString(globalObject);
         RETURN_IF_EXCEPTION(scope, void());