LibJS: Do not invoke Cell::vm in constructors before Cell is constructed
In a subclass of Cell, we cannot use Cell::vm() before the base Cell object itself is constructed. Use the Realm's VM instead. This was caught by UBSAN with vptr sanitization enabled.
parent
3efe611dbf
commit
85e313077a
46 changed files with 97 additions and 97 deletions
|
@ -12,7 +12,7 @@
|
|||
namespace JS {
|
||||
|
||||
ErrorConstructor::ErrorConstructor(Realm& realm)
|
||||
: NativeFunction(vm().names.Error.as_string(), *realm.intrinsics().function_prototype())
|
||||
: NativeFunction(realm.vm().names.Error.as_string(), *realm.intrinsics().function_prototype())
|
||||
{
|
||||
}
|
||||
|
||||
|
@ -61,57 +61,57 @@ ThrowCompletionOr<Object*> ErrorConstructor::construct(FunctionObject& new_targe
|
|||
return error;
|
||||
}
|
||||
|
||||
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
||||
ConstructorName::ConstructorName(Realm& realm) \
|
||||
: NativeFunction(vm().names.ClassName.as_string(), *static_cast<Object*>(realm.intrinsics().error_constructor())) \
|
||||
{ \
|
||||
} \
|
||||
\
|
||||
void ConstructorName::initialize(Realm& realm) \
|
||||
{ \
|
||||
auto& vm = this->vm(); \
|
||||
NativeFunction::initialize(realm); \
|
||||
\
|
||||
/* 20.5.6.2.1 NativeError.prototype, https://tc39.es/ecma262/#sec-nativeerror.prototype */ \
|
||||
define_direct_property(vm.names.prototype, realm.intrinsics().snake_name##_prototype(), 0); \
|
||||
\
|
||||
define_direct_property(vm.names.length, Value(1), Attribute::Configurable); \
|
||||
} \
|
||||
\
|
||||
ConstructorName::~ConstructorName() = default; \
|
||||
\
|
||||
/* 20.5.6.1.1 NativeError ( message [ , options ] ), https://tc39.es/ecma262/#sec-nativeerror */ \
|
||||
ThrowCompletionOr<Value> ConstructorName::call() \
|
||||
{ \
|
||||
/* 1. If NewTarget is undefined, let newTarget be the active function object; else let newTarget be NewTarget. */ \
|
||||
return TRY(construct(*this)); \
|
||||
} \
|
||||
\
|
||||
/* 20.5.6.1.1 NativeError ( message [ , options ] ), https://tc39.es/ecma262/#sec-nativeerror */ \
|
||||
ThrowCompletionOr<Object*> ConstructorName::construct(FunctionObject& new_target) \
|
||||
{ \
|
||||
auto& vm = this->vm(); \
|
||||
\
|
||||
auto message = vm.argument(0); \
|
||||
auto options = vm.argument(1); \
|
||||
\
|
||||
/* 2. Let O be ? OrdinaryCreateFromConstructor(newTarget, "%NativeError.prototype%", « [[ErrorData]] »). */ \
|
||||
auto* error = TRY(ordinary_create_from_constructor<ClassName>(vm, new_target, &Intrinsics::snake_name##_prototype)); \
|
||||
\
|
||||
/* 3. If message is not undefined, then */ \
|
||||
if (!message.is_undefined()) { \
|
||||
/* a. Let msg be ? ToString(message). */ \
|
||||
auto msg = TRY(message.to_string(vm)); \
|
||||
\
|
||||
/* b. Perform CreateNonEnumerableDataPropertyOrThrow(O, "message", msg). */ \
|
||||
error->create_non_enumerable_data_property_or_throw(vm.names.message, js_string(vm, move(msg))); \
|
||||
} \
|
||||
\
|
||||
/* 4. Perform ? InstallErrorCause(O, options). */ \
|
||||
TRY(error->install_error_cause(options)); \
|
||||
\
|
||||
/* 5. Return O. */ \
|
||||
return error; \
|
||||
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
||||
ConstructorName::ConstructorName(Realm& realm) \
|
||||
: NativeFunction(realm.vm().names.ClassName.as_string(), *static_cast<Object*>(realm.intrinsics().error_constructor())) \
|
||||
{ \
|
||||
} \
|
||||
\
|
||||
void ConstructorName::initialize(Realm& realm) \
|
||||
{ \
|
||||
auto& vm = this->vm(); \
|
||||
NativeFunction::initialize(realm); \
|
||||
\
|
||||
/* 20.5.6.2.1 NativeError.prototype, https://tc39.es/ecma262/#sec-nativeerror.prototype */ \
|
||||
define_direct_property(vm.names.prototype, realm.intrinsics().snake_name##_prototype(), 0); \
|
||||
\
|
||||
define_direct_property(vm.names.length, Value(1), Attribute::Configurable); \
|
||||
} \
|
||||
\
|
||||
ConstructorName::~ConstructorName() = default; \
|
||||
\
|
||||
/* 20.5.6.1.1 NativeError ( message [ , options ] ), https://tc39.es/ecma262/#sec-nativeerror */ \
|
||||
ThrowCompletionOr<Value> ConstructorName::call() \
|
||||
{ \
|
||||
/* 1. If NewTarget is undefined, let newTarget be the active function object; else let newTarget be NewTarget. */ \
|
||||
return TRY(construct(*this)); \
|
||||
} \
|
||||
\
|
||||
/* 20.5.6.1.1 NativeError ( message [ , options ] ), https://tc39.es/ecma262/#sec-nativeerror */ \
|
||||
ThrowCompletionOr<Object*> ConstructorName::construct(FunctionObject& new_target) \
|
||||
{ \
|
||||
auto& vm = this->vm(); \
|
||||
\
|
||||
auto message = vm.argument(0); \
|
||||
auto options = vm.argument(1); \
|
||||
\
|
||||
/* 2. Let O be ? OrdinaryCreateFromConstructor(newTarget, "%NativeError.prototype%", « [[ErrorData]] »). */ \
|
||||
auto* error = TRY(ordinary_create_from_constructor<ClassName>(vm, new_target, &Intrinsics::snake_name##_prototype)); \
|
||||
\
|
||||
/* 3. If message is not undefined, then */ \
|
||||
if (!message.is_undefined()) { \
|
||||
/* a. Let msg be ? ToString(message). */ \
|
||||
auto msg = TRY(message.to_string(vm)); \
|
||||
\
|
||||
/* b. Perform CreateNonEnumerableDataPropertyOrThrow(O, "message", msg). */ \
|
||||
error->create_non_enumerable_data_property_or_throw(vm.names.message, js_string(vm, move(msg))); \
|
||||
} \
|
||||
\
|
||||
/* 4. Perform ? InstallErrorCause(O, options). */ \
|
||||
TRY(error->install_error_cause(options)); \
|
||||
\
|
||||
/* 5. Return O. */ \
|
||||
return error; \
|
||||
}
|
||||
|
||||
JS_ENUMERATE_NATIVE_ERRORS
|
||||
|
|
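Review bot: Nothing at the new initializer `: NativeFunction(realm.vm().names.Error.as_string(), ...)` records why `realm.vm()` is used rather than the inherited `vm()`, so a later cleanup could shorten it again and reintroduce the call on a Cell whose base subobject is not yet constructed. A one-line comment above the initializer would be enough, for example `// NOTE: Cell::vm() must not be called until the Cell base is constructed; use the Realm's VM.` The macro-generated `ConstructorName::ConstructorName(Realm& realm)` initializer in the `__JS_ENUMERATE` block has the same need, and there the comment has to be in `/* ... */` form because of the line continuations. The description says the defect was caught by UBSAN with the vptr check enabled, so with 46 files touched by hand it is worth confirming that this configuration runs in CI, since a missed or newly added call site would otherwise go unnoticed.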