Commit 4782ba83 authored by barraclough@apple.com's avatar barraclough@apple.com

StringRecursionChecker should not work in terms of EncodedJSValue

https://bugs.webkit.org/show_bug.cgi?id=69188

Reviewed by Oliver Hunt.

0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/StringRecursionChecker.cpp:
(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 13f725a3
2011-09-30 Gavin Barraclough <barraclough@apple.com>
StringRecursionChecker should not work in terms of EncodedJSValue
https://bugs.webkit.org/show_bug.cgi?id=69188
Reviewed by Oliver Hunt.
0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/StringRecursionChecker.cpp:
(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):
2011-09-30 Gavin Barraclough <barraclough@apple.com>
DFG JIT, Branch on integer can always be a 32-bit compare.
......@@ -180,8 +180,8 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToString(ExecState* exec)
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
return earlyReturnValue;
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
unsigned totalSize = length ? length - 1 : 0;
#if OS(SYMBIAN)
......@@ -243,8 +243,8 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec)
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
return earlyReturnValue;
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
JSStringBuilder strBuffer;
for (unsigned k = 0; k < length; k++) {
......@@ -277,8 +277,8 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState* exec)
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
return earlyReturnValue;
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
JSStringBuilder strBuffer;
......
......@@ -79,8 +79,8 @@ EncodedJSValue JSC_HOST_CALL errorProtoFuncToString(ExecState* exec)
JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
StringRecursionChecker checker(exec, thisObj);
if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
return earlyReturnValue;
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
JSValue name = thisObj->get(exec, exec->propertyNames().name);
JSValue message = thisObj->get(exec, exec->propertyNames().message);
......
......@@ -142,8 +142,8 @@ EncodedJSValue JSC_HOST_CALL regExpProtoFuncToString(ExecState* exec)
RegExpObject* thisObject = asRegExpObject(thisValue);
StringRecursionChecker checker(exec, thisObject);
if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
return earlyReturnValue;
if (JSValue earlyReturnValue = checker.earlyReturnValue())
return JSValue::encode(earlyReturnValue);
char postfix[5] = { '/', 0, 0, 0, 0 };
int index = 1;
......
......@@ -25,14 +25,14 @@
namespace JSC {
EncodedJSValue StringRecursionChecker::throwStackOverflowError()
JSValue StringRecursionChecker::throwStackOverflowError()
{
return throwVMError(m_exec, createStackOverflowError(m_exec));
return throwError(m_exec, createStackOverflowError(m_exec));
}
EncodedJSValue StringRecursionChecker::emptyString()
JSValue StringRecursionChecker::emptyString()
{
return JSValue::encode(jsEmptyString(m_exec));
return jsEmptyString(m_exec);
}
}
......@@ -31,19 +31,19 @@ public:
StringRecursionChecker(ExecState*, JSObject* thisObject);
~StringRecursionChecker();
EncodedJSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
JSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
private:
EncodedJSValue throwStackOverflowError();
EncodedJSValue emptyString();
EncodedJSValue performCheck();
JSValue throwStackOverflowError();
JSValue emptyString();
JSValue performCheck();
ExecState* m_exec;
JSObject* m_thisObject;
EncodedJSValue m_earlyReturnValue;
JSValue m_earlyReturnValue;
};
inline EncodedJSValue StringRecursionChecker::performCheck()
inline JSValue StringRecursionChecker::performCheck()
{
int size = m_exec->globalData().stringRecursionCheckVisitedObjects.size();
if (size >= MaxSmallThreadReentryDepth && size >= m_exec->globalData().maxReentryDepth)
......@@ -51,7 +51,7 @@ inline EncodedJSValue StringRecursionChecker::performCheck()
bool alreadyVisited = !m_exec->globalData().stringRecursionCheckVisitedObjects.add(m_thisObject).second;
if (alreadyVisited)
return emptyString(); // Return empty string to avoid infinite recursion.
return 0; // Indicate success.
return JSValue(); // Indicate success.
}
inline StringRecursionChecker::StringRecursionChecker(ExecState* exec, JSObject* thisObject)
......@@ -61,7 +61,7 @@ inline StringRecursionChecker::StringRecursionChecker(ExecState* exec, JSObject*
{
}
inline EncodedJSValue StringRecursionChecker::earlyReturnValue() const
inline JSValue StringRecursionChecker::earlyReturnValue() const
{
return m_earlyReturnValue;
}
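Review bot: The comment on the new `earlyReturnValue()` declaration still reads `// 0 if everything is OK`, which is exactly the EncodedJSValue assumption this commit removes (the description states that 0 is not the empty value on 32_64); the success case is now the empty `JSValue()` returned at the end of performCheck(). Suggest `JSValue earlyReturnValue() const; // Empty JSValue if everything is OK; otherwise the value the caller should return (emptyString() or the result of throwStackOverflowError()).` and a matching one-line comment on `m_earlyReturnValue` so the two stay in sync. The call sites in ArrayPrototype.cpp, ErrorPrototype.cpp and RegExpPrototype.cpp test the result in an `if`, so the comment should state that only the empty value tests false there. performCheck() begins in the first hunk of this file, and the hunk at -51 starts mid-body.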
......