Changeset 194409 in webkit for trunk/Source/JavaScriptCore/API/JSScriptRef.cpp

Timestamp:

Dec 23, 2015, 6:17:03 PM (9 years ago)

Author:

[email protected]

Message:

jsc CLI tool crashes on EOF.
<​https://webkit.org/b/152522>

Reviewed by Benjamin Poulain.

SourceProvider should treat String() like the empty string for hashing purposes.
This was a subtle behavior change in r194017 due to how zero-length strings are
treated by StringImpl::createSubstringSharingImpl().

I made these SourceProviders store a Ref<StringImpl> internally instead of a
String, to codify the fact that these strings can't be null strings.

I couldn't find a way to cause this crash through the API.

• API/JSScriptRef.cpp:

(OpaqueJSScript::OpaqueJSScript):

• parser/SourceProvider.h:

(JSC::StringSourceProvider::StringSourceProvider):

File:

• trunk/Source/JavaScriptCore/API/JSScriptRef.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/API/JSScriptRef.cpp

@@ -49 +49 @@
     unsigned hash() const override
     {
-        return m_source.impl()->hash();
+        return m_source.get().hash();
     }
 
     StringView source() const override
     {
-        return m_source;
+        return m_source.get();
     }
 
@@ -63 +63 @@
         : SourceProvider(url, TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first()))
         , m_vm(vm)
-        , m_source(source)
+        , m_source(source.isNull() ? *StringImpl::empty() : *source.impl())
     {
     }
@@ -70 +70 @@
 
     VM* m_vm;
-    String m_source;
+    Ref<StringImpl> m_source;
 };