Skip to content
  • barraclough@apple.com's avatar
    Array.prototype functions should throw if delete fails · 1052f503
    barraclough@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=80467
    
    Reviewed by Oliver Hunt.
    
    Source/JavaScriptCore: 
    
    All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
    In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
    in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
    one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
    routines, for handling arrays with holes. These three copies should be unified.
    
    * runtime/ArrayPrototype.cpp:
    (JSC::shift):
    (JSC::unshift):
        - Added - shared copies of the shift/unshift functionality.
    (JSC::arrayProtoFuncPop):
        - should throw if the delete fails.
    (JSC::arrayProtoFuncReverse):
        - should throw if the delete fails.
    (JSC::arrayProtoFuncShift):
    (JSC::arrayProtoFuncSplice):
    (JSC::arrayProtoFuncUnShift):
        - use shift/unshift.
    * runtime/JSArray.cpp:
    (...
    1052f503