Changeset 227898 in webkit for trunk/Source/JavaScriptCore/jsc.cpp

Timestamp:

Jan 31, 2018, 2:18:28 AM (7 years ago)

Author:

[email protected]

Message:

JSC incorrectly interpreting script, sets Global Property instead of Global Lexical variable (LiteralParser / JSONP path)
​https://bugs.webkit.org/show_bug.cgi?id=182074
<rdar://problem/36846261>

Reviewed by Mark Lam.

JSTests:

• stress/jsonp-program-evaluate-path-must-consider-global-lexical-environment.js: Added.

(assert):
(let.func):
(let.o.foo):
(varFunc):

LayoutTests/imported/w3c:

• web-platform-tests/service-workers/service-worker/import-scripts-updated-flag.https-expected.txt:

Source/JavaScriptCore:

This patch teaches the JSONP evaluator about the global lexical environment.
Before, it was using the global object as the global scope, but that's wrong.
The global lexical environment is the first node in the global scope chain.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::executeProgram):

• jsc.cpp:

(GlobalObject::finishCreation):
(shellSupportsRichSourceInfo):
(functionDisableRichSourceInfo):

• runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::tryJSONPParse):

• runtime/LiteralParser.h:

LayoutTests:

• http/tests/security/regress-52192-expected.txt:

File:

• trunk/Source/JavaScriptCore/jsc.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/jsc.cpp

@@ -342 +342 @@
 static EncodedJSValue JSC_HOST_CALL functionHeapCapacity(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionFlashHeapAccess(ExecState*);
+static EncodedJSValue JSC_HOST_CALL functionDisableRichSourceInfo(ExecState*);
 
 struct Script {
@@ -597 +598 @@
         addFunction(vm, "heapCapacity", functionHeapCapacity, 0);
         addFunction(vm, "flashHeapAccess", functionFlashHeapAccess, 0);
+
+        addFunction(vm, "disableRichSourceInfo", functionDisableRichSourceInfo, 0);
     }
     
@@ -616 +619 @@
 };
 
+static bool supportsRichSourceInfo = true;
+static bool shellSupportsRichSourceInfo(const JSGlobalObject*)
+{
+    return supportsRichSourceInfo;
+}
+
 const ClassInfo GlobalObject::s_info = { "global", &JSGlobalObject::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(GlobalObject) };
 const GlobalObjectMethodTable GlobalObject::s_globalObjectMethodTable = {
-    &supportsRichSourceInfo,
+    &shellSupportsRichSourceInfo,
     &shouldInterruptScript,
     &javaScriptRuntimeFlags,
@@ -1734 +1743 @@
 }
 
+EncodedJSValue JSC_HOST_CALL functionDisableRichSourceInfo(ExecState*)
+{
+    supportsRichSourceInfo = false;
+    return JSValue::encode(jsUndefined());
+}
+
 template<typename ValueType>
 typename std::enable_if<!std::is_fundamental<ValueType>::value>::type addOption(VM&, JSObject*, Identifier, ValueType) { }