Fix Runtime_SetProperty to properly handle OOM failures

author jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)

committer jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)
author jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)
committer jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)
diff --git a/src/objects.cc b/src/objects.cc

index d84a833..e9b7ec2 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -12060,7 +12060,7 @@ Handle<Object> JSObject::SetElement(Handle<JSObject> object,
                                      StrictModeFlag strict_mode,
                                      SetPropertyMode set_mode) {
    if (object->HasExternalArrayElements()) {
-    if (!value->IsSmi() && !value->IsHeapNumber() && !value->IsUndefined()) {
+    if (!value->IsNumber() && !value->IsUndefined()) {
        bool has_exception;
        Handle<Object> number = Execution::ToNumber(value, &has_exception);
        if (has_exception) return Handle<Object>();
diff --git a/src/runtime.cc b/src/runtime.cc

index 48a818c..0c744ca 100644 (file)
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -4753,25 +4753,40 @@ MaybeObject* Runtime::SetObjectProperty(Isolate* isolate,
      }
  
      js_object->ValidateElements();
-    Handle<Object> result = JSObject::SetElement(
-        js_object, index, value, attr, strict_mode, set_mode);
+    if (js_object->HasExternalArrayElements()) {
+      if (!value->IsNumber() && !value->IsUndefined()) {
+        bool has_exception;
+        Handle<Object> number = Execution::ToNumber(value, &has_exception);
+        if (has_exception) return Failure::Exception();
+        value = number;
+      }
+    }
+    MaybeObject* result = js_object->SetElement(
+        index, *value, attr, strict_mode, true, set_mode);
      js_object->ValidateElements();
-    if (result.is_null()) return Failure::Exception();
+    if (result->IsFailure()) return result;
      return *value;
    }
  
    if (key->IsName()) {
-    Handle<Object> result;
+    MaybeObject* result;
      Handle<Name> name = Handle<Name>::cast(key);
      if (name->AsArrayIndex(&index)) {
-      result = JSObject::SetElement(
-          js_object, index, value, attr, strict_mode, set_mode);
+      if (js_object->HasExternalArrayElements()) {
+        if (!value->IsNumber() && !value->IsUndefined()) {
+          bool has_exception;
+          Handle<Object> number = Execution::ToNumber(value, &has_exception);
+          if (has_exception) return Failure::Exception();
+          value = number;
+        }
+      }
+      result = js_object->SetElement(
+          index, *value, attr, strict_mode, true, set_mode);
      } else {
        if (name->IsString()) Handle<String>::cast(name)->TryFlatten();
-      result = JSReceiver::SetProperty(
-          js_object, name, value, attr, strict_mode);
+      result = js_object->SetProperty(*name, *value, attr, strict_mode);
      }
-    if (result.is_null()) return Failure::Exception();
+    if (result->IsFailure()) return result;
      return *value;
    }
author	jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)
committer	jkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 17 Jun 2013 17:42:27 +0000 (17:42 +0000)
src/objects.cc		patch \| blob \| history
src/runtime.cc		patch \| blob \| history