Context Navigation

← Previous Change
Next Change →

Machine.cpp

Timestamp:

May 23, 2008, 2:38:30 AM (17 years ago)

Author:

Message:

Fix <rdar://problem/5954997> global-recursion-on-full-stack.html crashes under guardmalloc.

Growing the register file with uncheckedGrow from within Machine::execute is not safe as the
register file may be too close to its maximum size to grow successfully. By using grow,
checking the result and throwing a stack overflow error we can avoid crashing.

Reviewed by Oliver Hunt.

VM/Machine.cpp:

(KJS::Machine::execute):

VM/RegisterFile.h: Remove the now-unused uncheckedGrow.

File:

: 1 edited

trunk/JavaScriptCore/VM/Machine.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/VM/Machine.cpp

-              r34067
+              r34069
     registerFile->addGlobalSlots(codeBlock->numVars);
+    registerFile->uncheckedGrow(codeBlock->numTemporaries);
+    if (!registerFile->grow(codeBlock->numTemporaries)) {
+        registerFileStack->popGlobalRegisterFile();
+        *exception = createStackOverflowError(exec);
+        return 0;
+    }
     Register* r = (*registerFile->basePointer());

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 34069 in webkit for trunk/JavaScriptCore/VM/Machine.cpp

Legend:

trunk/JavaScriptCore/VM/Machine.cpp

Download in other formats: