Timestamp:
Dec 1, 2008, 1:07:07 AM (16 years ago)
Author:
[email protected]
Message:

2008-12-01 Cameron Zwarich <[email protected]>

Reviewed by Sam Weinig.

Preliminary work for bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
<https://bugs.webkit.org/show_bug.cgi?id=20340>

SegmentedVector currently frees segments and reallocates them when used
as a stack. This can lead to unsafe use of pointers into freed segments.

In order to fix this problem, SegmentedVector will be changed to only
grow and never shrink, with the sole exception of clearing all of its
data, a capability that is required by Lexer. This patch changes the
public interface to only allow for these capabilities.

  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): Use reserveCapacity() instead of resize() for m_globals and m_parameters.
  • bytecompiler/SegmentedVector.h: (JSC::SegmentedVector::resize): Removed. (JSC::SegmentedVector::reserveCapacity): Added. (JSC::SegmentedVector::clear): Added. (JSC::SegmentedVector::shrink): Removed. (JSC::SegmentedVector::grow): Removed.
  • parser/Lexer.cpp: (JSC::Lexer::clear): Use clear() instead of resize(0).
File:
1 edited

  • trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

    r38635 r38856  
    243243
    244244    // Add previously defined symbols to bookkeeping.
    245     m_globals.resize(symbolTable->size());
     245    m_globals.reserveCapacity(symbolTable->size());
    246246    SymbolTable::iterator end = symbolTable->end();
    247247    for (SymbolTable::iterator it = symbolTable->begin(); it != end; ++it)
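Review bot: on new line 245, reserveCapacity() by its name reserves storage without changing size(), whereas the removed resize() call sized m_globals to symbolTable->size(), so the loop starting at line 247 must not index into m_globals on the assumption that those entries already exist. The loop body is not visible in this hunk; if it writes by index, it should append instead, or SegmentedVector.h should document that this reserveCapacity() also makes the elements addressable. An ASSERT after the loop that m_globals.size() matches symbolTable->size() would pin the intended count.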
     
    342342    size_t parameterCount = functionBody->parameterCount();
    343343    m_nextParameterIndex = -RegisterFile::CallFrameHeaderSize - parameterCount - 1;
    344     m_parameters.resize(1 + parameterCount); // reserve space for "this"
     344    m_parameters.reserveCapacity(1 + parameterCount); // reserve space for "this"
    345345
    346346    // Add "this" as a parameter
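Review bot: the trailing comment on new line 344 explains only the "1 +" term and does not say that the call no longer creates the entries that the removed resize() call did. Please extend the comment to state that this reserves storage only and that "this" and the parameters are added from line 346 onward, and consider an ASSERT once they are added that m_parameters.size() equals 1 + parameterCount. That keeps the grow-only contract described in the commit message checkable at the call site.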