Adding error checking to JsCreateWeakReference

MSLaguana · MSLaguana · commit 007944d07dfc · 2017-09-20T12:14:50.000-07:00
If a tagged value or a non-RecyclableObject is passed in,
we will now report an error rather than crashing non-deterministically
in a future GC.
diff --git a/lib/Jsrt/ChakraCommon.h b/lib/Jsrt/ChakraCommon.h
@@ -223,6 +223,11 @@ typedef unsigned short uint16_t;
         /// </summary>
         JsErrorModuleParsed,
         /// <summary>
+        ///     Argument passed to JsCreateWeakReference is a primitive that is not managed by the GC.
+        ///     No weak reference is required, the value will never be collected.
+        /// </summary>
+        JsNoWeakRefRequired,
+        /// <summary>
         ///     Category of errors that relates to errors occurring within the engine itself.
         /// </summary>
         JsErrorCategoryEngine = 0x20000,
diff --git a/lib/Jsrt/Jsrt.cpp b/lib/Jsrt/Jsrt.cpp
@@ -4612,6 +4612,15 @@ CHAKRA_API JsCreateWeakReference(
     PARAM_NOT_NULL(weakRef);
     *weakRef = nullptr;
 
+    if (Js::TaggedNumber::Is(value))
+    {
+        return JsNoWeakRefRequired;
+    }
+    else if (!Js::RecyclableObject::Is(value))
+    {
+        return JsErrorInvalidArgument;
+    }
+
     return GlobalAPIWrapper_NoRecord([&]() -> JsErrorCode {
         ThreadContext* threadContext = ThreadContext::GetContextForCurrentThread();
         if (threadContext == nullptr)
