Changeset 147892 in webkit for trunk/Source/JavaScriptCore/runtime/JSStringBuilder.h

Timestamp:

Apr 7, 2013, 9:14:50 PM (12 years ago)

Author:

[email protected]

Message:

Add bounds checking for WTF::Vector::operator[]
​https://bugs.webkit.org/show_bug.cgi?id=89600

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Make a few JSC classes opt-out of release mode bounds checking.

• assembler/AssemblerBuffer.h:

(AssemblerBuffer):

• assembler/AssemblerBufferWithConstantPool.h:

(AssemblerBufferWithConstantPool):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::bytecodeOffset):
(JSC):
(JSC::replaceExistingEntries):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
(JSC::CodeBlock::callReturnIndexVector):
(JSC::CodeBlock::codeOrigins):
(RareData):

• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedEvalCodeBlock::adoptVariables):
(UnlinkedEvalCodeBlock):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitNewArray):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):

• bytecompiler/BytecodeGenerator.h:

(CallArguments):
(JSC::BytecodeGenerator::instructions):
(BytecodeGenerator):

• bytecompiler/StaticPropertyAnalysis.h:

(JSC::StaticPropertyAnalysis::create):
(JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
(StaticPropertyAnalysis):

• bytecompiler/StaticPropertyAnalyzer.h:

(StaticPropertyAnalyzer):
(JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

• parser/ASTBuilder.h:

(ASTBuilder):

• runtime/ArgList.h:

(MarkedArgumentBuffer):

• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSort):

Source/WebCore:

Fix exports

• WebCore.exp.in:

Source/WTF:

Add a template parameter to Vector<> that controls whether
bounds checking is performed in release builds or not.
Defaults to crashing on overflow.

• wtf/Forward.h:

(WTF):

• wtf/Vector.h:

(WTF):
(Vector):
(WTF::Vector::at):
(WTF::Vector::removeLast):
(WTF::::Vector):
(WTF::=):
(WTF::::contains):
(WTF::::find):
(WTF::::reverseFind):
(WTF::::fill):
(WTF::::appendRange):
(WTF::::expandCapacity):
(WTF::::tryExpandCapacity):
(WTF::::resize):
(WTF::::shrink):
(WTF::::grow):
(WTF::::reserveCapacity):
(WTF::::tryReserveCapacity):
(WTF::::reserveInitialCapacity):
(WTF::::shrinkCapacity):
(WTF::::append):
(WTF::::tryAppend):
(WTF::::appendSlowCase):
(WTF::::uncheckedAppend):
(WTF::::appendVector):
(WTF::::insert):
(WTF::::prepend):
(WTF::::remove):
(WTF::::reverse):
(WTF::::releaseBuffer):
(WTF::::checkConsistency):
(WTF::deleteAllValues):
(WTF::swap):
(WTF::operator==):
(WTF::operator!=):

File:

• trunk/Source/JavaScriptCore/runtime/JSStringBuilder.h (modified) (1 diff)

trunk/Source/JavaScriptCore/runtime/JSStringBuilder.h

@@ -138 +138 @@
 
 protected:
-    Vector<LChar, 64> buffer8;
-    Vector<UChar, 64> buffer16;
+    Vector<LChar, 64, UnsafeVectorOverflow> buffer8;
+    Vector<UChar, 64, UnsafeVectorOverflow> buffer16;
     bool m_okay;
     bool m_is8Bit;