[webkit-changes] [WebKit/WebKit] ddd9cb: [JSC] Throw OOM error if constructArrayNegativeInd...
Commit Queue
noreply at github.com
Fri Aug 25 14:29:09 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ddd9cbc5f5a7def601a5abb74cb0d8ea5f6a4585
https://github.com/WebKit/WebKit/commit/ddd9cbc5f5a7def601a5abb74cb0d8ea5f6a4585
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-08-25 (Fri, 25 Aug 2023)
Changed paths:
M Source/JavaScriptCore/runtime/JSArray.cpp
M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h
Log Message:
-----------
[JSC] Throw OOM error if constructArrayNegativeIndexed() fails to allocate
https://bugs.webkit.org/show_bug.cgi?id=260559
<rdar://114202373>
Reviewed by Mark Lam.
This change leverages AllocationFailureMode to throw an OOM error if constructArrayNegativeIndexed()
fails to allocate an array, which does happen in the wild (iOS apps).
All clients of constructArrayNegativeIndexed() were updated to correctly handle thrown exception.
* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::constructArray):
(JSC::constructArrayNegativeIndexed):
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::constructArrayNegativeIndexed):
Canonical link: https://commits.webkit.org/267300@main
More information about the webkit-changes
mailing list