Changeset 232089 in webkit

Timestamp:

May 22, 2018 4:54:16 PM (6 years ago)

Author:

mark.lam@apple.com

Message:

StringImpl utf8 conversion should not fail silently.
​https://bugs.webkit.org/show_bug.cgi?id=185888
<rdar://problem/40464506>

Reviewed by Filip Pizlo.

JSTests:

• stress/regress-185888.js: Added.

Source/JavaScriptCore:

• dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::dumpInContext const):

• runtime/DateConstructor.cpp:

(JSC::constructDate):
(JSC::dateParse):

• runtime/JSDateMath.cpp:

(JSC::parseDate):

• runtime/JSDateMath.h:

Source/WTF:

• WTF.xcodeproj/project.pbxproj:
• wtf/CMakeLists.txt:
• wtf/PrintStream.cpp:

(WTF::printExpectedCStringHelper):
(WTF::printInternal):

• wtf/text/StringImpl.cpp:

(WTF::StringImpl::utf8Impl):
(WTF::StringImpl::utf8ForCharacters):
(WTF::StringImpl::tryUtf8ForRange const):
(WTF::StringImpl::tryUtf8 const):
(WTF::StringImpl::utf8 const):
(WTF::StringImpl::utf8ForRange const): Deleted.

• wtf/text/StringImpl.h:
• wtf/text/StringView.cpp:

(WTF::StringView::tryUtf8 const):
(WTF::StringView::utf8 const):

• wtf/text/StringView.h:
• wtf/text/UTF8ConversionError.h: Added.
• wtf/text/WTFString.cpp:

(WTF::String::tryUtf8 const):
(WTF::String::utf8 const):

• wtf/text/WTFString.h:

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/regress-185888.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGLazyJSValue.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/DateConstructor.cpp (modified) (3 diffs)
• Source/JavaScriptCore/runtime/JSDateMath.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSDateMath.h (modified) (3 diffs)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/WTF.xcodeproj/project.pbxproj (modified) (2 diffs)
• Source/WTF/wtf/CMakeLists.txt (modified) (1 diff)
• Source/WTF/wtf/PrintStream.cpp (modified) (3 diffs)
• Source/WTF/wtf/text/StringImpl.cpp (modified) (8 diffs)
• Source/WTF/wtf/text/StringImpl.h (modified) (4 diffs)
• Source/WTF/wtf/text/StringView.cpp (modified) (2 diffs)
• Source/WTF/wtf/text/StringView.h (modified) (2 diffs)
• Source/WTF/wtf/text/UTF8ConversionError.h (added)
• Source/WTF/wtf/text/WTFString.cpp (modified) (1 diff)
• Source/WTF/wtf/text/WTFString.h (modified) (1 diff)

trunk/JSTests/ChangeLog

@@ +1 @@
+2018-05-22  Mark Lam  <mark.lam@apple.com>
+
+        StringImpl utf8 conversion should not fail silently.
+        https://bugs.webkit.org/show_bug.cgi?id=185888
+        <rdar://problem/40464506>
+
+        Reviewed by Filip Pizlo.
+
+        * stress/regress-185888.js: Added.
+
 2018-05-22  Keith Miller  <keith_miller@apple.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-05-22  Mark Lam  <mark.lam@apple.com>
+
+        StringImpl utf8 conversion should not fail silently.
+        https://bugs.webkit.org/show_bug.cgi?id=185888
+        <rdar://problem/40464506>
+
+        Reviewed by Filip Pizlo.
+
+        * dfg/DFGLazyJSValue.cpp:
+        (JSC::DFG::LazyJSValue::dumpInContext const):
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        (JSC::dateParse):
+        * runtime/JSDateMath.cpp:
+        (JSC::parseDate):
+        * runtime/JSDateMath.h:
+
 2018-05-22  Keith Miller  <keith_miller@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGLazyJSValue.cpp

@@ -251 +251 @@
         out.print("Lazy:SingleCharacterString(");
         out.printf("%04X", static_cast<unsigned>(character()));
-        out.print(" / ", StringImpl::utf8ForCharacters(&u.character, 1), ")");
+        out.print(" / ", StringImpl::utf8ForCharacters(&u.character, 1).value(), ")");
         return;
     case KnownStringImpl:

trunk/Source/JavaScriptCore/runtime/DateConstructor.cpp

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- *  Copyright (C) 2004-2008, 2011, 2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2004-2018 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -137 +137 @@
             JSValue primitive = arg0.toPrimitive(exec);
             RETURN_IF_EXCEPTION(scope, nullptr);
-            if (primitive.isString())
-                value = parseDate(vm, asString(primitive)->value(exec));
-            else
+            if (primitive.isString()) {
+                value = parseDate(exec, vm, asString(primitive)->value(exec));
+                RETURN_IF_EXCEPTION(scope, nullptr);
+            } else
                 value = primitive.toNumber(exec);
         }
@@ -173 +174 @@
     String dateStr = exec->argument(0).toWTFString(exec);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
-    return JSValue::encode(jsNumber(parseDate(vm, dateStr)));
+    scope.release();
+    return JSValue::encode(jsNumber(parseDate(exec, vm, dateStr)));
 }
 

trunk/Source/JavaScriptCore/runtime/JSDateMath.cpp

@@ -1 +1 @@
 /*
  * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- * Copyright (C) 2006, 2007, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
  * Copyright (C) 2009 Google Inc. All rights reserved.
  * Copyright (C) 2007-2009 Torch Mobile, Inc.
@@ -236 +236 @@
 }
 
-double parseDate(VM& vm, const String& date)
-{
+double parseDate(ExecState* exec, VM& vm, const String& date)
+{
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     if (date == vm.cachedDateString)
         return vm.cachedDateStringValue;
-    double value = parseES5DateFromNullTerminatedCharacters(date.utf8().data());
+    auto expectedString = date.tryGetUtf8();
+    if (!expectedString) {
+        if (expectedString.error() == UTF8ConversionError::OutOfMemory)
+            throwOutOfMemoryError(exec, scope);
+        // https://tc39.github.io/ecma262/#sec-date-objects section 20.3.3.2 states that:
+        // "Unrecognizable Strings or dates containing illegal element values in the
+        // format String shall cause Date.parse to return NaN."
+        return std::numeric_limits<double>::quiet_NaN();
+    }
+
+    auto dateUtf8 = expectedString.value();
+    double value = parseES5DateFromNullTerminatedCharacters(dateUtf8.data());
     if (std::isnan(value))
-        value = parseDateFromNullTerminatedCharacters(vm, date.utf8().data());
+        value = parseDateFromNullTerminatedCharacters(vm, dateUtf8.data());
     vm.cachedDateString = date;
     vm.cachedDateStringValue = value;

trunk/Source/JavaScriptCore/runtime/JSDateMath.h

@@ -1 +1 @@
 /*
  * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
  * Copyright (C) 2009 Google Inc. All rights reserved.
  * Copyright (C) 2010 Research In Motion Limited. All rights reserved.
@@ -48 +48 @@
 namespace JSC {
 
+class ExecState;
 class VM;
 
@@ -54 +55 @@
 JS_EXPORT_PRIVATE double getUTCOffset(VM&);
 JS_EXPORT_PRIVATE double parseDateFromNullTerminatedCharacters(VM&, const char* dateString);
-JS_EXPORT_PRIVATE double parseDate(VM&, const WTF::String&);
+JS_EXPORT_PRIVATE double parseDate(ExecState*, VM&, const WTF::String&);
 
 } // namespace JSC

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2018-05-22  Mark Lam  <mark.lam@apple.com>
+
+        StringImpl utf8 conversion should not fail silently.
+        https://bugs.webkit.org/show_bug.cgi?id=185888
+        <rdar://problem/40464506>
+
+        Reviewed by Filip Pizlo.
+
+        * WTF.xcodeproj/project.pbxproj:
+        * wtf/CMakeLists.txt:
+        * wtf/PrintStream.cpp:
+        (WTF::printExpectedCStringHelper):
+        (WTF::printInternal):
+        * wtf/text/StringImpl.cpp:
+        (WTF::StringImpl::utf8Impl):
+        (WTF::StringImpl::utf8ForCharacters):
+        (WTF::StringImpl::tryUtf8ForRange const):
+        (WTF::StringImpl::tryUtf8 const):
+        (WTF::StringImpl::utf8 const):
+        (WTF::StringImpl::utf8ForRange const): Deleted.
+        * wtf/text/StringImpl.h:
+        * wtf/text/StringView.cpp:
+        (WTF::StringView::tryUtf8 const):
+        (WTF::StringView::utf8 const):
+        * wtf/text/StringView.h:
+        * wtf/text/UTF8ConversionError.h: Added.
+        * wtf/text/WTFString.cpp:
+        (WTF::String::tryUtf8 const):
+        (WTF::String::utf8 const):
+        * wtf/text/WTFString.h:
+
 2018-05-22  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WTF/WTF.xcodeproj/project.pbxproj

@@ -642 +642 @@
                 FEDACD3B1630F83F00C69634 /* StackStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackStats.cpp; sourceTree = "<group>"; };
                 FEDACD3C1630F83F00C69634 /* StackStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackStats.h; sourceTree = "<group>"; };
+                FEF295BF20B49DCB00CF283A /* UTF8ConversionError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UTF8ConversionError.h; sourceTree = "<group>"; };
                 FF0A436588954F3CB07DBECA /* StdList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdList.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
@@ -1219 +1220 @@
                                 A3E4DD911F3A803400DED0B4 /* TextStream.cpp */,
                                 A3E4DD921F3A803400DED0B4 /* TextStream.h */,
+                                FEF295BF20B49DCB00CF283A /* UTF8ConversionError.h */,
                                 70ECA60C1B02426800449739 /* UniquedStringImpl.h */,
                                 A3AB6E6A1F3E1AD6009C14B1 /* ValueToString.h */,

trunk/Source/WTF/wtf/CMakeLists.txt

@@ -306 +306 @@
     text/TextPosition.h
     text/TextStream.h
+    text/UTF8ConversionError.h
     text/UniquedStringImpl.h
     text/ValueToString.h

trunk/Source/WTF/wtf/PrintStream.cpp

@@ -83 +83 @@
 }
 
+static void printExpectedCStringHelper(PrintStream& out, const char* type, Expected<CString, UTF8ConversionError> expectedCString)
+{
+    if (UNLIKELY(!expectedCString)) {
+        if (expectedCString.error() == UTF8ConversionError::OutOfMemory)
+            out.print("(Out of memory while converting ", type, " to utf8)");
+        else
+            out.print("(failed to convert ", type, " to utf8)");
+        return;
+    }
+    out.print(expectedCString.value());
+}
+
 void printInternal(PrintStream& out, const StringView& string)
 {
-    out.print(string.utf8());
+    printExpectedCStringHelper(out, "StringView", string.tryGetUtf8());
 }
 
@@ -95 +107 @@
 void printInternal(PrintStream& out, const String& string)
 {
-    out.print(string.utf8());
+    printExpectedCStringHelper(out, "String", string.tryGetUtf8());
 }
 
@@ -104 +116 @@
         return;
     }
-    out.print(string->utf8());
+    printExpectedCStringHelper(out, "StringImpl*", string->tryGetUtf8());
 }
 

trunk/Source/WTF/wtf/text/StringImpl.cpp

@@ -1727 +1727 @@
 }
 
-bool StringImpl::utf8Impl(const UChar* characters, unsigned length, char*& buffer, size_t bufferSize, ConversionMode mode)
+UTF8ConversionError StringImpl::utf8Impl(const UChar* characters, unsigned length, char*& buffer, size_t bufferSize, ConversionMode mode)
 {
     if (mode == StrictConversionReplacingUnpairedSurrogatesWithFFFD) {
@@ -1755 +1755 @@
         if (result == sourceIllegal) {
             ASSERT(strict);
-            return false;
+            return UTF8ConversionError::IllegalSource;
         }
 
@@ -1761 +1761 @@
         if (result == sourceExhausted) {
             if (strict)
-                return false;
+                return UTF8ConversionError::SourceExhausted;
             // This should be one unpaired high surrogate. Treat it the same
             // was as an unpaired high surrogate would have been handled in
@@ -1775 +1775 @@
     }
     
-    return true;
-}
-
-CString StringImpl::utf8ForCharacters(const LChar* characters, unsigned length)
+    return UTF8ConversionError::None;
+}
+
+Expected<CString, UTF8ConversionError> StringImpl::utf8ForCharacters(const LChar* characters, unsigned length)
 {
     if (!length)
         return CString("", 0);
     if (length > std::numeric_limits<unsigned>::max() / 3)
-        return CString();
+        return makeUnexpected(UTF8ConversionError::OutOfMemory);
     Vector<char, 1024> bufferVector(length * 3);
     char* buffer = bufferVector.data();
@@ -1792 +1792 @@
 }
 
-CString StringImpl::utf8ForCharacters(const UChar* characters, unsigned length, ConversionMode mode)
+Expected<CString, UTF8ConversionError> StringImpl::utf8ForCharacters(const UChar* characters, unsigned length, ConversionMode mode)
 {
     if (!length)
         return CString("", 0);
     if (length > std::numeric_limits<unsigned>::max() / 3)
-        return CString();
+        return makeUnexpected(UTF8ConversionError::OutOfMemory);
     Vector<char, 1024> bufferVector(length * 3);
     char* buffer = bufferVector.data();
-    if (!utf8Impl(characters, length, buffer, bufferVector.size(), mode))
-        return CString();
+    UTF8ConversionError error = utf8Impl(characters, length, buffer, bufferVector.size(), mode);
+    if (error != UTF8ConversionError::None)
+        return makeUnexpected(error);
     return CString(bufferVector.data(), buffer - bufferVector.data());
 }
 
-CString StringImpl::utf8ForRange(unsigned offset, unsigned length, ConversionMode mode) const
+Expected<CString, UTF8ConversionError> StringImpl::tryGetUtf8ForRange(unsigned offset, unsigned length, ConversionMode mode) const
 {
     ASSERT(offset <= this->length());
@@ -1824 +1825 @@
     //    buffer without reallocing (say, 1.5 x length).
     if (length > std::numeric_limits<unsigned>::max() / 3)
-        return CString();
+        return makeUnexpected(UTF8ConversionError::OutOfMemory);
     Vector<char, 1024> bufferVector(length * 3);
 
@@ -1835 +1836 @@
         ASSERT_UNUSED(result, result != targetExhausted); // (length * 3) should be sufficient for any conversion
     } else {
-        if (!utf8Impl(this->characters16() + offset, length, buffer, bufferVector.size(), mode))
-            return CString();
+        UTF8ConversionError error = utf8Impl(this->characters16() + offset, length, buffer, bufferVector.size(), mode);
+        if (error != UTF8ConversionError::None)
+            return makeUnexpected(error);
     }
 
@@ -1842 +1844 @@
 }
 
+Expected<CString, UTF8ConversionError> StringImpl::tryGetUtf8(ConversionMode mode) const
+{
+    return tryGetUtf8ForRange(0, length(), mode);
+}
+
 CString StringImpl::utf8(ConversionMode mode) const
 {
-    return utf8ForRange(0, length(), mode);
+    auto expectedString = tryGetUtf8ForRange(0, length(), mode);
+    RELEASE_ASSERT(expectedString);
+    return expectedString.value();
 }
 

trunk/Source/WTF/wtf/text/StringImpl.h

@@ -28 +28 @@
 #include <wtf/ASCIICType.h>
 #include <wtf/CheckedArithmetic.h>
+#include <wtf/Expected.h>
 #include <wtf/MathExtras.h>
 #include <wtf/StdLibExtras.h>
@@ -35 +36 @@
 #include <wtf/text/StringCommon.h>
 #include <wtf/text/StringHasher.h>
+#include <wtf/text/UTF8ConversionError.h>
 
 #if USE(CF)
@@ -285 +287 @@
 #endif
 
-    static WTF_EXPORT_PRIVATE CString utf8ForCharacters(const LChar* characters, unsigned length);
-    static WTF_EXPORT_PRIVATE CString utf8ForCharacters(const UChar* characters, unsigned length, ConversionMode = LenientConversion);
-    WTF_EXPORT_PRIVATE CString utf8ForRange(unsigned offset, unsigned length, ConversionMode = LenientConversion) const;
+    static WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> utf8ForCharacters(const LChar* characters, unsigned length);
+    static WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> utf8ForCharacters(const UChar* characters, unsigned length, ConversionMode = LenientConversion);
+
+    WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> tryGetUtf8ForRange(unsigned offset, unsigned length, ConversionMode = LenientConversion) const;
+    WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> tryGetUtf8(ConversionMode = LenientConversion) const;
     WTF_EXPORT_PRIVATE CString utf8(ConversionMode = LenientConversion) const;
 
 private:
-    static WTF_EXPORT_PRIVATE bool utf8Impl(const UChar* characters, unsigned length, char*& buffer, size_t bufferSize, ConversionMode);
+    static WTF_EXPORT_PRIVATE UTF8ConversionError utf8Impl(const UChar* characters, unsigned length, char*& buffer, size_t bufferSize, ConversionMode);
     
     // The high bits of 'hash' are always empty, but we prefer to store our flags
@@ -1203 +1207 @@
 } // namespace WTF
 
+using WTF::StaticStringImpl;
 using WTF::StringImpl;
-using WTF::StaticStringImpl;
 using WTF::equal;
 

trunk/Source/WTF/wtf/text/StringView.cpp

@@ -81 +81 @@
 }
 
-CString StringView::utf8(ConversionMode mode) const
+Expected<CString, UTF8ConversionError> StringView::tryGetUtf8(ConversionMode mode) const
 {
     if (isNull())
@@ -88 +88 @@
         return StringImpl::utf8ForCharacters(characters8(), length());
     return StringImpl::utf8ForCharacters(characters16(), length(), mode);
+}
+
+CString StringView::utf8(ConversionMode mode) const
+{
+    auto expectedString = tryGetUtf8(mode);
+    RELEASE_ASSERT(expectedString);
+    return expectedString.value();
 }
 

trunk/Source/WTF/wtf/text/StringView.h

@@ -37 +37 @@
 #include <wtf/text/LChar.h>
 #include <wtf/text/StringCommon.h>
+#include <wtf/text/UTF8ConversionError.h>
 
 // FIXME: Enabling the StringView lifetime checking causes the MSVC build to fail. Figure out why.
@@ -107 +108 @@
 #endif
 
+    WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> tryGetUtf8(ConversionMode = LenientConversion) const;
     WTF_EXPORT_PRIVATE CString utf8(ConversionMode = LenientConversion) const;
 

trunk/Source/WTF/wtf/text/WTFString.cpp

@@ -805 +805 @@
 }
 
+Expected<CString, UTF8ConversionError> String::tryGetUtf8(ConversionMode mode) const
+{
+    return m_impl ? m_impl->tryGetUtf8(mode) : CString { "", 0 };
+}
+
+Expected<CString, UTF8ConversionError> String::tryGetUtf8() const
+{
+    return tryGetUtf8(LenientConversion);
+}
+
 CString String::utf8(ConversionMode mode) const
 {
-    return m_impl ? m_impl->utf8(mode) : CString { "", 0 };
+    Expected<CString, UTF8ConversionError> expectedString = tryGetUtf8(mode);
+    RELEASE_ASSERT(expectedString);
+    return expectedString.value();
 }
 

trunk/Source/WTF/wtf/text/WTFString.h

@@ -165 +165 @@
     WTF_EXPORT_PRIVATE CString utf8(ConversionMode) const;
     WTF_EXPORT_PRIVATE CString utf8() const;
+
+    WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> tryGetUtf8(ConversionMode) const;
+    WTF_EXPORT_PRIVATE Expected<CString, UTF8ConversionError> tryGetUtf8() const;
 
     UChar characterAt(unsigned index) const;