https://bugs.webkit.org/show_bug.cgi?id=64679

author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)

committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)
author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)
committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog

index d5b4160..8b71d7f 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,32 @@
+2011-09-28  Gavin Barraclough  <barraclough@apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=64679
+        Fix bugs in Array.prototype this handling.
+
+        Reviewed by Oliver Hunt.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncReduce):
+        (JSC::arrayProtoFuncReduceRight):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+            - These methods should throw if this value is undefined.
+
  2011-09-27  Yuqiang Xian  <yuqiang.xian@intel.com>
  
          Value profiling in baseline JIT for JSVALUE32_64
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

index 3dd8b0c..8576f27 100644 (file)
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -271,7 +271,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -341,7 +341,9 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState* exec)
      JSValue thisValue = exec->hostThisValue();
      JSArray* arr = constructEmptyArray(exec);
      unsigned n = 0;
-    JSValue curArg = thisValue.toThisObject(exec);
+    JSValue curArg = thisValue.toObject(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
      size_t i = 0;
      size_t argCount = exec->argumentCount();
      while (1) {
@@ -373,7 +375,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPop(ExecState* exec)
      if (isJSArray(&exec->globalData(), thisValue))
          return JSValue::encode(asArray(thisValue)->pop());
  
-    JSObject* thisObj = thisValue.toThisObject(exec);
+    JSObject* thisObj = thisValue.toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -400,7 +402,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec)
          return JSValue::encode(jsNumber(array->length()));
      }
  
-    JSObject* thisObj = thisValue.toThisObject(exec);
+    JSObject* thisObj = thisValue.toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -422,7 +424,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -448,13 +450,12 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
-    JSValue result;
-
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
  
+    JSValue result;
      if (length == 0) {
          putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(length));
          result = jsUndefined();
@@ -479,16 +480,15 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec)
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec)
  {
      // http://developer.netscape.com/docs/manuals/js/client/jsref/array.htm#1193713 or 15.4.4.10
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
  
      // We return a new array
      JSArray* resObj = constructEmptyArray(exec);
      JSValue result = resObj;
  
-    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
-    if (exec->hadException())
-        return JSValue::encode(jsUndefined());
-
      unsigned begin = argumentClampedIndexFromStartOrEnd(exec, 0, length);
      unsigned end = argumentClampedIndexFromStartOrEnd(exec, 1, length, length);
  
@@ -503,7 +503,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncSort(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (!length || exec->hadException())
          return JSValue::encode(thisObj);
@@ -565,7 +565,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
  {
      // 15.4.4.12
  
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -633,7 +633,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec)
  {
      // 15.4.4.13
  
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -660,7 +660,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -719,7 +719,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -781,7 +781,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -839,7 +839,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -889,7 +889,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -946,7 +946,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -1021,7 +1021,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState* exec)
  
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState* exec)
  {
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -1096,7 +1096,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState* exec)
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec)
  {
      // 15.4.4.14
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (exec->hadException())
          return JSValue::encode(jsUndefined());
@@ -1117,7 +1117,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec)
  EncodedJSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(ExecState* exec)
  {
      // 15.4.4.15
-    JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
+    JSObject* thisObj = exec->hostThisValue().toObject(exec);
      unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
      if (!length)
          return JSValue::encode(jsNumber(-1));
author	barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)
committer	barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Wed, 28 Sep 2011 19:02:57 +0000 (19:02 +0000)
Source/JavaScriptCore/ChangeLog		patch \| blob \| history
Source/JavaScriptCore/runtime/ArrayPrototype.cpp		patch \| blob \| history