[webkit-reviews] review granted: [Bug 214624] Disallow VM entry when doing a VMInquiry. : [Attachment 404902] proposed patch.
bugzilla-daemon at webkit.org
Wed Jul 22 11:36:38 PDT 2020
Saam Barati <sbarati at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 214624: Disallow VM entry when doing a VMInquiry.
https://bugs.webkit.org/show_bug.cgi?id=214624
Attachment 404902: proposed patch.
https://bugs.webkit.org/attachment.cgi?id=404902&action=review
--- Comment #5 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 404902
--> https://bugs.webkit.org/attachment.cgi?id=404902
proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=404902&action=review
r=me
> Source/JavaScriptCore/ChangeLog:27
> + do entail entering the VM. In such cases, we need to reset the
PropertySlot's
do entail => entails
> Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:310
> + PropertySlot slot { thisObject,
PropertySlot::InternalMethodType::VMInquiry, &lexicalGlobalObject->vm() };
> + bool found = JSObject::getOwnPropertySlot(thisObject,
lexicalGlobalObject, propertyName, slot);
> + slot.disallowVMEntry.reset();
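Review bot: the `slot.disallowVMEntry.reset()` on the last line of this hunk only runs on the straight-line path after `JSObject::getOwnPropertySlot` returns; if any path out of that call (an early return added later, or an exception propagating) bypasses it, the slot stays flagged for the rest of its lifetime. Consider tying the reset to the slot's scope instead of to statement order, e.g. by constructing the `PropertySlot` as a temporary inside the call expression or by using a scope guard, so the flag cannot outlive the inquiry.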
For a lot of these that just require the bool result of calling getOwnPropertySlot, if you just passed the slot in as a constructed thing in the function call, you wouldn't need the reset dance, since it's destroyed post-call.
(I haven't vetted all call sites, but a lot could do this, and would be cleaner for it.)