Changeset 96438 in webkit

Timestamp:

Sep 30, 2011 4:54:44 PM (13 years ago)

Author:

barraclough@apple.com

Message:

StringRecursionChecker should not work in terms of EncodedJSValue
​https://bugs.webkit.org/show_bug.cgi?id=69188

Reviewed by Oliver Hunt.

0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.

• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):

• runtime/ErrorPrototype.cpp:

(JSC::errorProtoFuncToString):

• runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncToString):

• runtime/StringRecursionChecker.cpp:

(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):

• runtime/StringRecursionChecker.h:

(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/ArrayPrototype.cpp (modified) (3 diffs)
• runtime/ErrorPrototype.cpp (modified) (1 diff)
• runtime/RegExpPrototype.cpp (modified) (1 diff)
• runtime/StringRecursionChecker.cpp (modified) (1 diff)
• runtime/StringRecursionChecker.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-09-30  Gavin Barraclough  <barraclough@apple.com>
+
+        StringRecursionChecker should not work in terms of EncodedJSValue
+        https://bugs.webkit.org/show_bug.cgi?id=69188
+
+        Reviewed by Oliver Hunt.
+
+        0 is not the empty value on 32_64.
+        Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringRecursionChecker.cpp:
+        (JSC::StringRecursionChecker::throwStackOverflowError):
+        (JSC::StringRecursionChecker::emptyString):
+        * runtime/StringRecursionChecker.h:
+        (JSC::StringRecursionChecker::performCheck):
+        (JSC::StringRecursionChecker::earlyReturnValue):
+
 2011-09-30  Gavin Barraclough  <barraclough@apple.com>
 

trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

@@ -181 +181 @@
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     unsigned totalSize = length ? length - 1 : 0;
@@ -244 +244 @@
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSStringBuilder strBuffer;
@@ -278 +278 @@
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSStringBuilder strBuffer;

trunk/Source/JavaScriptCore/runtime/ErrorPrototype.cpp

@@ -80 +80 @@
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSValue name = thisObj->get(exec, exec->propertyNames().name);

trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp

@@ -143 +143 @@
 
     StringRecursionChecker checker(exec, thisObject);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     char postfix[5] = { '/', 0, 0, 0, 0 };

trunk/Source/JavaScriptCore/runtime/StringRecursionChecker.cpp

@@ -26 +26 @@
 namespace JSC {
 
-EncodedJSValue StringRecursionChecker::throwStackOverflowError()
+JSValue StringRecursionChecker::throwStackOverflowError()
 {
-    return throwVMError(m_exec, createStackOverflowError(m_exec));
+    return throwError(m_exec, createStackOverflowError(m_exec));
 }
 
-EncodedJSValue StringRecursionChecker::emptyString()
+JSValue StringRecursionChecker::emptyString()
 {
-    return JSValue::encode(jsEmptyString(m_exec));
+    return jsEmptyString(m_exec);
 }
 

trunk/Source/JavaScriptCore/runtime/StringRecursionChecker.h

@@ -32 +32 @@
     ~StringRecursionChecker();
 
-    EncodedJSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
+    JSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
 
 private:
-    EncodedJSValue throwStackOverflowError();
-    EncodedJSValue emptyString();
-    EncodedJSValue performCheck();
+    JSValue throwStackOverflowError();
+    JSValue emptyString();
+    JSValue performCheck();
 
     ExecState* m_exec;
     JSObject* m_thisObject;
-    EncodedJSValue m_earlyReturnValue;
+    JSValue m_earlyReturnValue;
 };
 
-inline EncodedJSValue StringRecursionChecker::performCheck()
+inline JSValue StringRecursionChecker::performCheck()
 {
     int size = m_exec->globalData().stringRecursionCheckVisitedObjects.size();
@@ -52 +52 @@
     if (alreadyVisited)
         return emptyString(); // Return empty string to avoid infinite recursion.
-    return 0; // Indicate success.
+    return JSValue(); // Indicate success.
 }
 
@@ -62 +62 @@
 }
 
-inline EncodedJSValue StringRecursionChecker::earlyReturnValue() const
+inline JSValue StringRecursionChecker::earlyReturnValue() const
 {
     return m_earlyReturnValue;