[webkit-changes] [WebKit/WebKit] b3a4a4: [JSC] LLInt slow path of op_iterator_next doesn't ...
Commit Queue
noreply at github.com
Thu Aug 31 15:47:13 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b3a4a487b56ade502613ebf7e0136f35ba68fa84
https://github.com/WebKit/WebKit/commit/b3a4a487b56ade502613ebf7e0136f35ba68fa84
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-08-31 (Thu, 31 Aug 2023)
Changed paths:
A JSTests/stress/regress-260980.js
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
Log Message:
-----------
[JSC] LLInt slow path of op_iterator_next doesn't always check m_done value
https://bugs.webkit.org/show_bug.cgi?id=260980
<rdar://114745586>
Reviewed by Mark Lam.
Before this change, if `iteratorResult.done` wasn't of boolean type, its value wasn't checked.
This patch adds ToBoolean coercion and the missing check, aligning JSC with V8 and SpiderMonkey.
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* JSTests/stress/regress-260980.js: Added.
Canonical link: https://commits.webkit.org/267526@main
More information about the webkit-changes
mailing list