Context Navigation

← Previous Change
Next Change →

Changeset 34069 in webkit for trunk/JavaScriptCore

Timestamp:

May 23, 2008, 2:38:30 AM (17 years ago)

Author:

Message:

Fix <rdar://problem/5954997> global-recursion-on-full-stack.html crashes under guardmalloc.

Growing the register file with uncheckedGrow from within Machine::execute is not safe as the
register file may be too close to its maximum size to grow successfully. By using grow,
checking the result and throwing a stack overflow error we can avoid crashing.

Reviewed by Oliver Hunt.

VM/Machine.cpp:

(KJS::Machine::execute):

VM/RegisterFile.h: Remove the now-unused uncheckedGrow.

Location:

trunk/JavaScriptCore

Files:

: 3 edited

ChangeLog (modified) (1 diff)
VM/Machine.cpp (modified) (1 diff)
VM/RegisterFile.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/ChangeLog

-              r34067
+              r34069
+-05-23  Mark Rowe  <[email protected]>
+        Reviewed by Oliver Hunt.
+        Fix <rdar://problem/5954997> global-recursion-on-full-stack.html crashes under guardmalloc.
+        Growing the register file with uncheckedGrow from within Machine::execute is not safe as the
+        register file may be too close to its maximum size to grow successfully.  By using grow,
+        checking the result and throwing a stack overflow error we can avoid crashing.
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFile.h: Remove the now-unused uncheckedGrow.
 -05-23  Oliver Hunt  <[email protected]>

trunk/JavaScriptCore/VM/Machine.cpp

-              r34067
+              r34069
     registerFile->addGlobalSlots(codeBlock->numVars);
+    registerFile->uncheckedGrow(codeBlock->numTemporaries);
+    if (!registerFile->grow(codeBlock->numTemporaries)) {
+        registerFileStack->popGlobalRegisterFile();
+        *exception = createStackOverflowError(exec);
+        return 0;
+    }
     Register* r = (*registerFile->basePointer());

trunk/JavaScriptCore/VM/RegisterFile.h

-              r33979
+              r34069
             return true;
+        }
-        void uncheckedGrow(size_t size)
+        {
-            if (size > m_size) {
-                if (size > m_capacity)
-                    growBuffer(size, std::numeric_limits<size_t>::max());
-                m_size = size;
+            }
+        }
         size_t size() { return m_size; }

Note: See TracChangeset for help on using the changeset viewer.