Changeset 236804 in webkit
- Timestamp:
- Oct 3, 2018 11:28:55 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 10 edited
trunk/JSTests/ChangeLog
r236737 r236804 1 2018-10-03 Mark Lam <mark.lam@apple.com> 2 3 Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. 4 https://bugs.webkit.org/show_bug.cgi?id=190187 5 <rdar://problem/42512909> 6 7 Reviewed by Michael Saboff. 8 9 * stress/regress-190187.js: Added. 10 1 11 2018-10-02 Caio Lima <ticaiolima@gmail.com> 2 12 -
trunk/Source/JavaScriptCore/ChangeLog
r236791 r236804 1 2018-10-03 Mark Lam <mark.lam@apple.com> 2 3 Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. 4 https://bugs.webkit.org/show_bug.cgi?id=190187 5 <rdar://problem/42512909> 6 7 Reviewed by Michael Saboff. 8 9 Allowing different max string lengths at each level opens up opportunities for 10 bugs to creep in. With 2 different max length values, it is more difficult to 11 keep the story straight on how we do overflow / bounds checks at each place in 12 the code. It's also difficult to tell if a seemingly valid check at the WTF level 13 will have bad ramifications at the JSC level. Also, it's also not meaningful to 14 support a max length > INT_MAX. To eliminate this class of bugs, we'll 15 standardize on a MaxLength of INT_MAX at all levels. 16 17 We'll also standardize the way we do length overflow checks on using 18 CheckedArithmetic, and add some asserts to document the assumptions of the code. 19 20 * runtime/FunctionConstructor.cpp: 21 (JSC::constructFunctionSkippingEvalEnabledCheck): 22 - Fix OOM error handling which crashed a test after the new MaxLength was applied. 23 * runtime/JSString.h: 24 (JSC::JSString::finishCreation): 25 (JSC::JSString::createHasOtherOwner): 26 (JSC::JSString::setLength): 27 * runtime/JSStringInlines.h: 28 (JSC::jsMakeNontrivialString): 29 * runtime/Operations.h: 30 (JSC::jsString): 31 1 32 2018-10-03 Koby Boyango <koby.b@mce-sys.com> 2 33 -
trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp
r236697 r236804 145 145 // The spec mandates that the parameters parse as a valid parameter list 146 146 // independent of the function body. 147 String program = makeString("(", prefix, "(", parameterBuilder.toString(), "){\n\n})"); 147 String program = tryMakeString("(", prefix, "(", parameterBuilder.toString(), "){\n\n})"); 148 if (UNLIKELY(!program)) { 149 throwOutOfMemoryError(exec, scope); 150 return nullptr; 151 } 148 152 SourceCode source = makeSource(program, sourceOrigin, sourceURL, position); 149 153 JSValue exception; -
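Review bot: The new `if (UNLIKELY(!program))` guard has no comment saying why a null String can come back from `tryMakeString`, so a later reader may not connect it to the length bound introduced by this commit. A one-liner above the check would do: `// tryMakeString() returns a null String when the combined length would exceed String::MaxLength; report it as OOM.` The surrounding function (constructFunctionSkippingEvalEnabledCheck) starts and ends outside this hunk, so whether `scope` is the right throw scope for this early return cannot be confirmed from here.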
trunk/Source/JavaScriptCore/runtime/JSString.h
r236369 r236804 96 96 } 97 97 98 static const unsigned MaxLength = std::numeric_limits<int32_t>::max(); 99 98 // We employ overflow checks in many places with the assumption that MaxLength 99 // is INT_MAX. Hence, it cannot be changed into another length value without 100 // breaking all the bounds and overflow checks that assume this. 101 static constexpr unsigned MaxLength = std::numeric_limits<int32_t>::max(); 102 static_assert(MaxLength == String::MaxLength, ""); 103 100 104 private: 101 105 JSString(VM& vm, Ref<StringImpl>&& value) … … 110 114 } 111 115 112 void finishCreation(VM& vm, size_tlength)116 void finishCreation(VM& vm, unsigned length) 113 117 { 114 118 ASSERT(!m_value.isNull()); … … 118 122 } 119 123 120 void finishCreation(VM& vm, size_tlength, size_t cost)124 void finishCreation(VM& vm, unsigned length, size_t cost) 121 125 { 122 126 ASSERT(!m_value.isNull()); … … 146 150 static JSString* createHasOtherOwner(VM& vm, Ref<StringImpl>&& value) 147 151 { 148 size_tlength = value->length();152 unsigned length = value->length(); 149 153 JSString* newString = new (NotNull, allocateCell<JSString>(vm.heap)) JSString(vm, WTFMove(value)); 150 154 newString->finishCreation(vm, length); … … 210 214 ALWAYS_INLINE void setLength(unsigned length) 211 215 { 216 ASSERT(length <= MaxLength); 212 217 m_length = length; 213 218 } … … 256 261 if (m_index == JSRopeString::s_maxInternalRopeLength) 257 262 expand(); 258 if (static_cast<int32_t>(m_jsString->length() + jsString->length()) < 0) { 263 264 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), ""); 265 auto sum = checkedSum<int32_t>(m_jsString->length(), jsString->length()); 266 if (sum.hasOverflowed()) { 259 267 this->overflowed(); 260 268 return false; 261 269 } 270 ASSERT(static_cast<unsigned>(sum.unsafeGet()) <= MaxLength); 262 271 m_jsString->append(m_vm, m_index++, jsString); 263 272 return true; -
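Review bot: `setLength` enforces the new bound only with `ASSERT(length <= MaxLength)`, which compiles out in release builds, while the equivalent bound in StringConcatenate.h in this same commit is a `RELEASE_ASSERT`; since `m_length` feeds every later bounds and overflow computation, the two levels now differ in what they guarantee in shipping builds. If the ALWAYS_INLINE hot path cannot absorb a compare-and-branch, the assumption should at least be stated at the call site contract: `// Callers must never pass a length > MaxLength; this is only verified in debug builds.` In the rope builder hunk, the `ASSERT(static_cast<unsigned>(sum.unsafeGet()) <= MaxLength)` after the `hasOverflowed()` check is tautological for a non-negative int32_t (it is always <= INT_MAX), so it documents intent rather than checking anything; a comment to that effect would avoid readers looking for a case it could catch. The rope builder method and both `finishCreation` bodies continue outside the hunk.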
trunk/Source/JavaScriptCore/runtime/JSStringInlines.h
r225150 r236804 1 1 /* 2 * Copyright (C) 2016 Apple Inc. All rights reserved.2 * Copyright (C) 2016-2018 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 51 51 if (UNLIKELY(!result)) 52 52 return throwOutOfMemoryError(exec, scope); 53 ASSERT(result.length() <= JSString::MaxLength); 53 54 return jsNontrivialString(exec, WTFMove(result)); 54 55 } -
trunk/Source/JavaScriptCore/runtime/Operations.h
r236697 r236804 1 1 /* 2 2 * Copyright (C) 1999-2000 Harri Porten (porten@kde.org) 3 * Copyright (C) 2002-201 7Apple Inc. All rights reserved.3 * Copyright (C) 2002-2018 Apple Inc. All rights reserved. 4 4 * 5 5 * This library is free software; you can redistribute it and/or … … 43 43 auto scope = DECLARE_THROW_SCOPE(vm); 44 44 45 int32_tlength1 = s1->length();45 unsigned length1 = s1->length(); 46 46 if (!length1) 47 47 return s2; 48 int32_tlength2 = s2->length();48 unsigned length2 = s2->length(); 49 49 if (!length2) 50 50 return s1; 51 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), ""); 51 52 if (sumOverflows<int32_t>(length1, length2)) { 52 53 throwOutOfMemoryError(exec, scope); … … 62 63 auto scope = DECLARE_THROW_SCOPE(vm); 63 64 64 int32_tlength1 = s1->length();65 unsigned length1 = s1->length(); 65 66 if (!length1) 66 67 RELEASE_AND_RETURN(scope, jsString(exec, s2, s3)); 67 68 68 int32_tlength2 = s2->length();69 unsigned length2 = s2->length(); 69 70 if (!length2) 70 71 RELEASE_AND_RETURN(scope, jsString(exec, s1, s3)); 71 72 72 int32_tlength3 = s3->length();73 unsigned length3 = s3->length(); 73 74 if (!length3) 74 75 RELEASE_AND_RETURN(scope, jsString(exec, s1, s2)); 75 76 76 77 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), ""); 77 78 if (sumOverflows<int32_t>(length1, length2, length3)) { 78 79 throwOutOfMemoryError(exec, scope); … … 87 88 auto scope = DECLARE_THROW_SCOPE(*vm); 88 89 89 int32_t length1 = u1.length(); 90 int32_t length2 = u2.length(); 91 int32_t length3 = u3.length(); 92 93 if (length1 < 0 || length2 < 0 || length3 < 0) { 94 throwOutOfMemoryError(exec, scope); 95 return nullptr; 96 } 97 90 unsigned length1 = u1.length(); 91 unsigned length2 = u2.length(); 92 unsigned length3 = u3.length(); 93 ASSERT(length1 <= JSString::MaxLength); 94 ASSERT(length2 <= JSString::MaxLength); 95 ASSERT(length3 <= JSString::MaxLength); 96 98 97 if (!length1) 99 98 RELEASE_AND_RETURN(scope, jsString(exec, 
jsString(vm, u2), jsString(vm, u3))); … … 105 104 RELEASE_AND_RETURN(scope, jsString(exec, jsString(vm, u1), jsString(vm, u2))); 106 105 106 static_assert(JSString::MaxLength == std::numeric_limits<int32_t>::max(), ""); 107 107 if (sumOverflows<int32_t>(length1, length2, length3)) { 108 108 throwOutOfMemoryError(exec, scope); -
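Review bot: In the third `jsString` overload the release-mode `length1 < 0 || length2 < 0 || length3 < 0` rejection is replaced by debug-only ASSERTs, so in release builds an over-long `u1`/`u2`/`u3` is now rejected only if `sumOverflows<int32_t>` flags an `unsigned` argument above INT_MAX while converting it to Checked<int32_t>. That appears to be how WTF's Checked converting constructor behaves, but nothing in the hunk states it; a comment next to the static_assert would make the contract explicit: `// Checked<int32_t> also flags an unsigned length that does not fit, so lengths above MaxLength are rejected here in release builds too.` The same reliance exists for `checkedSum<int32_t>` in StringConcatenate.h's tryMakeStringFromAdapters and in the JSRopeString builder hunk of JSString.h. All three overload bodies start and end outside the hunk.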
trunk/Source/WTF/ChangeLog
r236790 r236804 1 2018-10-03 Mark Lam <mark.lam@apple.com> 2 3 Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. 4 https://bugs.webkit.org/show_bug.cgi?id=190187 5 <rdar://problem/42512909> 6 7 Reviewed by Michael Saboff. 8 9 * wtf/text/StringConcatenate.h: 10 (WTF::tryMakeStringFromAdapters): 11 (WTF::sumWithOverflow): Deleted. 12 * wtf/text/StringImpl.h: 13 * wtf/text/WTFString.h: 14 1 15 2018-10-03 Michael Catanzaro <mcatanzaro@igalia.com> 2 16 -
trunk/Source/WTF/wtf/text/StringConcatenate.h
r228576 r236804 1 1 /* 2 * Copyright (C) 2010-201 6Apple Inc. All rights reserved.2 * Copyright (C) 2010-2018 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 28 28 29 29 #include <string.h> 30 #include <wtf/CheckedArithmetic.h> 30 31 31 32 #ifndef AtomicString_h … … 142 143 ++length; 143 144 144 if (length > std::numeric_limits<unsigned>::max()) // FIXME this is silly https://bugs.webkit.org/show_bug.cgi?id=165790 145 CRASH(); 146 145 RELEASE_ASSERT(length <= String::MaxLength); 147 146 m_length = length; 148 147 } … … 260 259 }; 261 260 262 inline void sumWithOverflow(bool& overflow, unsigned& total, unsigned addend)263 {264 unsigned oldTotal = total;265 total = oldTotal + addend;266 if (total < oldTotal)267 overflow = true;268 }269 270 template<typename... Unsigned>271 inline void sumWithOverflow(bool& overflow, unsigned& total, unsigned addend, Unsigned ...addends)272 {273 unsigned oldTotal = total;274 total = oldTotal + addend;275 if (total < oldTotal)276 overflow = true;277 sumWithOverflow(overflow, total, addends...);278 }279 280 261 template<typename Adapter> 281 262 inline bool are8Bit(Adapter adapter) … … 306 287 String tryMakeStringFromAdapters(StringTypeAdapter adapter, StringTypeAdapters ...adapters) 307 288 { 308 bool overflow = false; 309 unsigned length = adapter.length(); 310 sumWithOverflow(overflow, length, adapters.length()...); 311 if (overflow) 289 static_assert(String::MaxLength == std::numeric_limits<int32_t>::max(), ""); 290 auto sum = checkedSum<int32_t>(adapter.length(), adapters.length()...); 291 if (sum.hasOverflowed()) 312 292 return String(); 313 293 294 unsigned length = sum.unsafeGet(); 295 ASSERT(length <= String::MaxLength); 314 296 if (are8Bit(adapter, adapters...)) { 315 297 LChar* buffer; -
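Review bot: The two `sumWithOverflow` overloads deleted at lines 262-279 are non-static inline functions in a public WTF header, so any caller outside this file would now fail to compile; the ChangeLog lists no other users, but that is worth confirming with a tree-wide search before landing rather than assuming. In `tryMakeStringFromAdapters`, `unsigned length = sum.unsafeGet();` is only safe because of the `hasOverflowed()` return just above it, and a short comment would keep the two from being separated by a future edit: `// unsafeGet() is fine here: the overflow case returned above.` The `RELEASE_ASSERT(length <= String::MaxLength)` at line 145 sits inside a constructor whose beginning is outside the hunk, so the type of `length` there (and whether `++length` itself can wrap) cannot be checked from this view.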
trunk/Source/WTF/wtf/text/StringImpl.h
r236599 r236804 1 1 /* 2 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 3 * Copyright (C) 2005-201 7Apple Inc. All rights reserved.3 * Copyright (C) 2005-2018 Apple Inc. All rights reserved. 4 4 * Copyright (C) 2009 Google Inc. All rights reserved. 5 5 * … … 131 131 class StringImplShape { 132 132 WTF_MAKE_NONCOPYABLE(StringImplShape); 133 public: 134 static constexpr unsigned MaxLength = std::numeric_limits<int32_t>::max(); 135 133 136 protected: 134 137 StringImplShape(unsigned refCount, unsigned length, const LChar*, unsigned hashAndFlags); … … 180 183 public: 181 184 enum BufferOwnership { BufferInternal, BufferOwned, BufferSubstring, BufferExternal }; 185 186 static constexpr unsigned MaxLength = StringImplShape::MaxLength; 182 187 183 188 // The bottom 6 bits in the hash are flags. -
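Review bot: `StringImplShape::MaxLength` is the defining site of the bound that JSString.h and StringConcatenate.h static_assert against, yet only JSString.h carries the rationale comment explaining why it must stay INT_MAX; the explanation belongs here as well, since this is where someone would change the value. Suggested comment above the definition: `// Must remain INT_MAX: overflow checks across WTF and JSC are written with checkedSum<int32_t> / sumOverflows<int32_t> and assume this bound.` The definition uses `std::numeric_limits<int32_t>`, which needs `<limits>`; the hunk does not show the include list, so confirm the header does not rely on a transitive include.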
trunk/Source/WTF/wtf/text/WTFString.h
r235721 r236804 365 365 // This is useful for clearing String-based caches. 366 366 void clearImplIfNotShared(); 367 368 static constexpr unsigned MaxLength = StringImpl::MaxLength; 367 369 368 370 private: