Timestamp:
Apr 7, 2013, 9:14:50 PM (12 years ago)
Author:
[email protected]
Message:

Add bounds checking for WTF::Vector::operator[]
https://bugs.webkit.org/show_bug.cgi?id=89600

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Make a few JSC classes opt-out of release mode bounds checking.

  • assembler/AssemblerBuffer.h:

(AssemblerBuffer):

  • assembler/AssemblerBufferWithConstantPool.h:

(AssemblerBufferWithConstantPool):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::bytecodeOffset):
(JSC):
(JSC::replaceExistingEntries):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
(JSC::CodeBlock::callReturnIndexVector):
(JSC::CodeBlock::codeOrigins):
(RareData):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedEvalCodeBlock::adoptVariables):
(UnlinkedEvalCodeBlock):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitNewArray):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):

  • bytecompiler/BytecodeGenerator.h:

(CallArguments):
(JSC::BytecodeGenerator::instructions):
(BytecodeGenerator):

  • bytecompiler/StaticPropertyAnalysis.h:

(JSC::StaticPropertyAnalysis::create):
(JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
(StaticPropertyAnalysis):

  • bytecompiler/StaticPropertyAnalyzer.h:

(StaticPropertyAnalyzer):
(JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

  • parser/ASTBuilder.h:

(ASTBuilder):

  • runtime/ArgList.h:

(MarkedArgumentBuffer):

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSort):

Source/WebCore:

Fix exports

  • WebCore.exp.in:

Source/WTF:

Add a template parameter to Vector<> that controls whether
bounds checking is performed in release builds or not.
Defaults to crashing on overflow.

  • wtf/Forward.h:

(WTF):

  • wtf/Vector.h:

(WTF):
(Vector):
(WTF::Vector::at):
(WTF::Vector::removeLast):
(WTF::::Vector):
(WTF::=):
(WTF::::contains):
(WTF::::find):
(WTF::::reverseFind):
(WTF::::fill):
(WTF::::appendRange):
(WTF::::expandCapacity):
(WTF::::tryExpandCapacity):
(WTF::::resize):
(WTF::::shrink):
(WTF::::grow):
(WTF::::reserveCapacity):
(WTF::::tryReserveCapacity):
(WTF::::reserveInitialCapacity):
(WTF::::shrinkCapacity):
(WTF::::append):
(WTF::::tryAppend):
(WTF::::appendSlowCase):
(WTF::::uncheckedAppend):
(WTF::::appendVector):
(WTF::::insert):
(WTF::::prepend):
(WTF::::remove):
(WTF::::reverse):
(WTF::::releaseBuffer):
(WTF::::checkConsistency):
(WTF::deleteAllValues):
(WTF::swap):
(WTF::operator==):
(WTF::operator!=):
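The mechanism described in the Source/WTF entry above, as an added illustration and not WTF's own code: a vector whose `operator[]` is bounds-checked in release builds, with the policy chosen by a template parameter that defaults to crashing and can be swapped for a no-op opt-out. The class name `CheckedVector`, the `ThrowOnOverflow` policy (so the check can be observed without aborting) and the bracket-matching walk are assumptions made for this example; inline capacity is omitted.

```cpp
#include <cstddef>
#include <cstdlib>
#include <stdexcept>
#include <vector>

// Default policy: an out-of-range index terminates the process in release
// builds too, so a silent out-of-bounds read or write becomes a crash.
struct CrashOnOverflow {
    [[noreturn]] static void overflowed() { std::abort(); }
};

// Opt-out policy for hot paths whose indices are proven in range elsewhere:
// the handler is a no-op, so an out-of-range index is undefined behaviour
// again (a debug-only assertion is all that would catch it).
struct UnsafeVectorOverflow {
    static void overflowed() { }
};

// Policy used only to make the check observable here (hypothetical; WTF has
// no such policy): reports the overflow as an exception instead of aborting.
struct ThrowOnOverflow {
    [[noreturn]] static void overflowed() { throw std::out_of_range("CheckedVector index"); }
};

template<typename T, typename OverflowHandler = CrashOnOverflow>
class CheckedVector {
public:
    void append(const T& value) { m_storage.push_back(value); }
    size_t size() const { return m_storage.size(); }

    // The only place the policy is consulted: every indexed access goes
    // through here, and the raw pointer indexing below performs no check of
    // its own, so the policy decides what an out-of-range index does.
    T& operator[](size_t i) {
        if (i >= m_storage.size())
            OverflowHandler::overflowed();
        return m_storage.data()[i];
    }

    // size() - 1 wraps to SIZE_MAX on an empty vector, which the check above
    // rejects (under the default policy) instead of reading before the buffer.
    T& last() { return (*this)[m_storage.size() - 1]; }

    void removeLast() {
        if (m_storage.empty())
            OverflowHandler::overflowed();
        else
            m_storage.pop_back();
    }

private:
    std::vector<T> m_storage;
};

// A parser-style state stack driven by untrusted input: push on '[', pop on
// ']'. Returns the maximum nesting depth seen. An unbalanced ']' reads and
// pops an empty stack, which is exactly the case the bounds check exists for.
template<typename Handler>
int nestingDepth(const char* input) {
    CheckedVector<char, Handler> stateStack;
    int maxDepth = 0;
    for (const char* p = input; *p; ++p) {
        if (*p == '[') {
            stateStack.append('[');
            if (static_cast<int>(stateStack.size()) > maxDepth)
                maxDepth = static_cast<int>(stateStack.size());
        } else if (*p == ']') {
            stateStack.last();       // checked read of the top of stack
            stateStack.removeLast();
        }
    }
    return maxDepth;
}

// Checked variant: returns the depth, or -1 if the bounds check fired.
int checkedDepth(const char* input) {
    try {
        return nestingDepth<ThrowOnOverflow>(input);
    } catch (const std::out_of_range&) {
        return -1;
    }
}

// Opted-out variant: identical for well-formed input; for "[]]" it would
// index the buffer at SIZE_MAX with no check at all, so it is only ever
// called here with balanced input.
int unsafeDepth(const char* input) {
    return nestingDepth<UnsafeVectorOverflow>(input);
}
```

The practical point for a reviewer of the opt-outs in the JavaScriptCore entries above: switching a container to the unsafe policy removes the only release-mode guard on the index, so each opt-out should come with an argument (ideally a comment at the declaration) that every index reaching `operator[]` is already validated.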

File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/LiteralParser.cpp

    r141168 r147892  
    547547    MarkedArgumentBuffer objectStack;
    548548    JSValue lastValue;
    549     Vector<ParserState, 16> stateStack;
    550     Vector<Identifier, 16> identifierStack;
     549    Vector<ParserState, 16, UnsafeVectorOverflow> stateStack;
     550    Vector<Identifier, 16, UnsafeVectorOverflow> identifierStack;
    551551    while (1) {
    552552        switch(state) {
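Review bot: the switch of stateStack and identifierStack to UnsafeVectorOverflow on lines 549-550 carries no comment stating why release-mode bounds checking can be dropped for a parser's state stacks, which are pushed and popped under control of the input being parsed, and the ChangeLog text on this page does not list runtime/LiteralParser.cpp even though it is the only file in the diff. Add a ChangeLog entry for the file and a comment at the two declarations naming the invariant that keeps every index in range (for example, that the stacks are only ever read after a matching push), or keep the default policy here and restrict the opt-out to the hot paths listed in the Source/JavaScriptCore entries.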