Changeset 53509 in webkit


Timestamp:
Jan 19, 2010 4:58:55 PM (14 years ago)
Author:
mrowe@apple.com
Message:

<rdar://problem/7555330> <http://webkit.org/b/33770> dataFunctionMatrix leaks the array allocated by toArray

Reviewed by Oliver Hunt.

Rework toArray to extract elements into a vector rather than handing out raw pointers. This prevents
callers from forgetting to free the memory, and gives them the option of using stack buffers for
sufficiently small allocations.

  • bindings/js/JSWebGLRenderingContextCustom.cpp:

(WebCore::JSWebGLRenderingContext::texSubImage2D):
(WebCore::toVector):
(WebCore::dataFunctionf):
(WebCore::dataFunctioni):
(WebCore::dataFunctionMatrix):

Location:
trunk/WebCore
Files:
2 edited

  • trunk/WebCore/ChangeLog

    r53507 r53509  
     12010-01-19  Mark Rowe  <mrowe@apple.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        <rdar://problem/7555330> <http://webkit.org/b/33770> dataFunctionMatrix leaks the array allocated by toArray
     6
     7        Rework toArray to extract elements in to a vector rather than handing out raw pointers.  This prevents
     8        callers from forgetting to free the memory, and gives them the option of using stack buffers for
     9        sufficiently small allocations.
     10
     11        * bindings/js/JSWebGLRenderingContextCustom.cpp:
     12        (WebCore::JSWebGLRenderingContext::texSubImage2D):
     13        (WebCore::toVector):
     14        (WebCore::dataFunctionf):
     15        (WebCore::dataFunctioni):
     16        (WebCore::dataFunctionMatrix):
     17
    1182010-01-19  Carol Szabo  <carol.szabo@nokia.com>
    219
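--- a/trunk/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp
+++ b/trunk/WebCore/bindings/js/JSWebGLRenderingContextCustom.cpp
@@ -503,31 +503,25 @@
    
     setDOMException(exec, ec);
-    return jsUndefined();   
-}
-
-template<typename T>
-void toArray(JSC::ExecState* exec, JSC::JSValue value, T*& array, int& size)
-{
-    array = 0;
-   
+    return jsUndefined();
+}
+
+template<typename T, size_t inlineCapacity>
+bool toVector(JSC::ExecState* exec, JSC::JSValue value, Vector<T, inlineCapacity>& vector)
+{
     if (!value.isObject())
-        return;
-       
+        return false;
+
     JSC::JSObject* object = asObject(value);
-    int length = object->get(exec, JSC::Identifier(exec, "length")).toInt32(exec);
-    void* tempValues;
-    if (!tryFastMalloc(length * sizeof(T)).getValue(tempValues))
-        return;
-   
-    T* values = static_cast<T*>(tempValues);
-    for (int i = 0; i < length; ++i) {
+    int32_t length = object->get(exec, JSC::Identifier(exec, "length")).toInt32(exec);
+    vector.resize(length);
+
+    for (int32_t i = 0; i < length; ++i) {
         JSC::JSValue v = object->get(exec, i);
         if (exec->hadException())
-            return;
-        values[i] = static_cast<T>(v.toNumber(exec));
-    }
-
-    array = values;
-    size = length;
+            return false;
+        vector[i] = static_cast<T>(v.toNumber(exec));
+    }
+
+    return true;
 }
 
@@ -591,21 +585,18 @@
         return jsUndefined();
     }
-   
-    float* array;
-    int size;
-    toArray<float>(exec, args.at(1), array, size);
-   
-    if (!array)
+
+    Vector<float, 64> array;
+    if (!toVector(exec, args.at(1), array))
         return throwError(exec, TypeError);
 
-    switch(f) {
-        case f_uniform1v: context->uniform1fv(location, array, size, ec); break;
-        case f_uniform2v: context->uniform2fv(location, array, size, ec); break;
-        case f_uniform3v: context->uniform3fv(location, array, size, ec); break;
-        case f_uniform4v: context->uniform4fv(location, array, size, ec); break;
-        case f_vertexAttrib1v: context->vertexAttrib1fv(index, array, size); break;
-        case f_vertexAttrib2v: context->vertexAttrib2fv(index, array, size); break;
-        case f_vertexAttrib3v: context->vertexAttrib3fv(index, array, size); break;
-        case f_vertexAttrib4v: context->vertexAttrib4fv(index, array, size); break;
+    switch (f) {
+        case f_uniform1v: context->uniform1fv(location, array.data(), array.size(), ec); break;
+        case f_uniform2v: context->uniform2fv(location, array.data(), array.size(), ec); break;
+        case f_uniform3v: context->uniform3fv(location, array.data(), array.size(), ec); break;
+        case f_uniform4v: context->uniform4fv(location, array.data(), array.size(), ec); break;
+        case f_vertexAttrib1v: context->vertexAttrib1fv(index, array.data(), array.size()); break;
+        case f_vertexAttrib2v: context->vertexAttrib2fv(index, array.data(), array.size()); break;
+        case f_vertexAttrib3v: context->vertexAttrib3fv(index, array.data(), array.size()); break;
+        case f_vertexAttrib4v: context->vertexAttrib4fv(index, array.data(), array.size()); break;
     }
    
@@ -641,17 +632,15 @@
         return jsUndefined();
     }
-   
-    int* array;
-    int size;
-    toArray<int>(exec, args.at(1), array, size);
-   
-    if (!array)
+
+
+    Vector<int, 64> array;
+    if (!toVector(exec, args.at(1), array))
         return throwError(exec, TypeError);
 
-    switch(f) {
-        case f_uniform1v: context->uniform1iv(location, array, size, ec); break;
-        case f_uniform2v: context->uniform2iv(location, array, size, ec); break;
-        case f_uniform3v: context->uniform3iv(location, array, size, ec); break;
-        case f_uniform4v: context->uniform4iv(location, array, size, ec); break;
+    switch (f) {
+        case f_uniform1v: context->uniform1iv(location, array.data(), array.size(), ec); break;
+        case f_uniform2v: context->uniform2iv(location, array.data(), array.size(), ec); break;
+        case f_uniform3v: context->uniform3iv(location, array.data(), array.size(), ec); break;
+        case f_uniform4v: context->uniform4iv(location, array.data(), array.size(), ec); break;
         default: break;
     }
@@ -690,18 +679,15 @@
         return jsUndefined();
     }
-   
-    float* array;
-    int size;
-    toArray<float>(exec, args.at(2), array, size);
-   
-    if (!array)
+
+    Vector<float, 64> array;
+    if (!toVector(exec, args.at(2), array))
         return throwError(exec, TypeError);
 
-    switch(f) {
-        case f_uniformMatrix2fv: context->uniformMatrix2fv(location, transpose, array, size, ec); break;
-        case f_uniformMatrix3fv: context->uniformMatrix3fv(location, transpose, array, size, ec); break;
-        case f_uniformMatrix4fv: context->uniformMatrix4fv(location, transpose, array, size, ec); break;
-    }
-   
+    switch (f) {
+        case f_uniformMatrix2fv: context->uniformMatrix2fv(location, transpose, array.data(), array.size(), ec); break;
+        case f_uniformMatrix3fv: context->uniformMatrix3fv(location, transpose, array.data(), array.size(), ec); break;
+        case f_uniformMatrix4fv: context->uniformMatrix4fv(location, transpose, array.data(), array.size(), ec); break;
+    }
+
     setDOMException(exec, ec);
     return jsUndefined();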
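Review bot: In the new toVector, `length` is read from a script-controlled property and handed straight to `vector.resize(length)` with no sign check and no check that the `get` for "length" raised an exception; a negative int32_t converts to a very large size_t, and since the old `tryFastMalloc` path that failed gracefully on an oversized request is gone, an absurd or negative length now presumably ends in a fatal allocation failure instead of the TypeError the callers expect. Insert `if (exec->hadException() || length < 0) return false;` before the resize, and consider whether an upper bound is also wanted, since a huge but positive length still triggers a large allocation and a long loop of `object->get(exec, i)` calls before any error surfaces. The callers now pass `array.size()` (a size_t) where the removed code passed an `int size`, so the conversion at each `context->uniform*` / `vertexAttrib*` call is implicit narrowing worth making explicit if those parameters are int. A minor style point: dataFunctioni has two consecutive blank lines before `Vector<int, 64> array;` where the other two callers have one. The three caller functions (dataFunctionf, dataFunctioni, dataFunctionMatrix) begin outside their hunks.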