Changeset 61588 in webkit for trunk/JavaScriptCore/interpreter

Timestamp:

Jun 21, 2010, 4:17:48 PM (15 years ago)

Author:

[email protected]

Message:

2010-06-21 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Make JSC more resilient in the face of parse failures
​https://bugs.webkit.org/show_bug.cgi?id=40951

A number of recent bugs have occurred due to issues like miscounting
BOMs, etc which lead to interesting crashes later on. Adding this
logic hardens JSC in the face of these errors, and has no impact on
performance (32bit jit actually gets 0.7% faster but I put that down
to cache effects).

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): (JSC::CodeBlock::lineNumberForBytecodeOffset): (JSC::CodeBlock::expressionRangeForBytecodeOffset): (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
• bytecode/CodeBlock.h: (JSC::CodeBlock::bytecodeOffset):
• interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): (JSC::Interpreter::privateExecute):
• jit/JITOpcodes.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction):
• runtime/Executable.cpp: (JSC::FunctionExecutable::compileForCall): (JSC::FunctionExecutable::compileForConstruct): (JSC::FunctionExecutable::generateJITCodeForCall): (JSC::FunctionExecutable::generateJITCodeForConstruct): (JSC::FunctionExecutable::reparseExceptionInfo): (JSC::EvalExecutable::reparseExceptionInfo):
• runtime/Executable.h: (JSC::FunctionExecutable::bytecodeForCall): (JSC::FunctionExecutable::bytecodeForConstruct):
• runtime/JSGlobalData.cpp: (JSC::JSGlobalData::numericCompareFunction):

File:

• trunk/JavaScriptCore/interpreter/Interpreter.cpp (modified) (8 diffs)

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -644 +644 @@
 
     CodeBlock* codeBlock = &program->bytecode(callFrame, scopeChain);
+    if (!codeBlock) {
+        *exception = createStackOverflowError(callFrame);
+        return jsNull();
+    }
 
     Register* oldEnd = m_registerFile.end();
@@ -723 +727 @@
     if (callType == CallTypeJS) {
         ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
-        CodeBlock* newCodeBlock = &callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
-
-        newCallFrame = slideRegisterWindowForCall(newCodeBlock, &m_registerFile, newCallFrame, registerOffset, argCount);
+        CodeBlock* newCodeBlock = callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
+
+        if (newCodeBlock)
+            newCallFrame = slideRegisterWindowForCall(newCodeBlock, &m_registerFile, newCallFrame, registerOffset, argCount);
+        else
+            newCallFrame = 0;
         if (UNLIKELY(!newCallFrame)) {
             *exception = createStackOverflowError(callFrame);
@@ -812 +819 @@
     if (constructType == ConstructTypeJS) {
         ScopeChainNode* constructDataScopeChain = constructData.js.scopeChain;
-        CodeBlock* newCodeBlock = &constructData.js.functionExecutable->bytecodeForConstruct(callFrame, constructDataScopeChain);
-
-        newCallFrame = slideRegisterWindowForCall(newCodeBlock, &m_registerFile, newCallFrame, registerOffset, argCount);
+        CodeBlock* newCodeBlock = constructData.js.functionExecutable->bytecodeForConstruct(callFrame, constructDataScopeChain);
+        if (newCodeBlock)
+            newCallFrame = slideRegisterWindowForCall(newCodeBlock, &m_registerFile, newCallFrame, registerOffset, argCount);
+        else
+            newCallFrame = 0;
+
         if (UNLIKELY(!newCallFrame)) {
             *exception = createStackOverflowError(callFrame);
@@ -903 +913 @@
         newCallFrame->r(++dst) = jsUndefined();
     
-    CodeBlock* codeBlock = &FunctionExecutable->bytecodeForCall(callFrame, scopeChain);
-    newCallFrame = slideRegisterWindowForCall(codeBlock, &m_registerFile, newCallFrame, argc + RegisterFile::CallFrameHeaderSize, argc);
+    CodeBlock* codeBlock = FunctionExecutable->bytecodeForCall(callFrame, scopeChain);
+    if (codeBlock)
+        newCallFrame = slideRegisterWindowForCall(codeBlock, &m_registerFile, newCallFrame, argc + RegisterFile::CallFrameHeaderSize, argc);
+    else
+        newCallFrame = 0;
     if (UNLIKELY(!newCallFrame)) {
         *exception = createStackOverflowError(callFrame);
@@ -969 +982 @@
 
     EvalCodeBlock* codeBlock = &eval->bytecode(callFrame, scopeChain);
+    if (!codeBlock) {
+        *exception = createStackOverflowError(callFrame);
+        return jsNull();
+    }
 
     JSVariableObject* variableObject;
@@ -3620 +3637 @@
         if (callType == CallTypeJS) {
             ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
-            CodeBlock* newCodeBlock = &callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
+            CodeBlock* newCodeBlock = callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
 
             CallFrame* previousCallFrame = callFrame;
-
-            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (newCodeBlock)
+                callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            else
+                callFrame = 0;
             if (UNLIKELY(!callFrame)) {
                 callFrame = previousCallFrame;
@@ -3772 +3791 @@
         if (callType == CallTypeJS) {
             ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
-            CodeBlock* newCodeBlock = &callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
+            CodeBlock* newCodeBlock = callData.js.functionExecutable->bytecodeForCall(callFrame, callDataScopeChain);
             
             CallFrame* previousCallFrame = callFrame;
-            
-            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (newCodeBlock)
+                callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            else
+                callFrame = 0;
             if (UNLIKELY(!callFrame)) {
                 callFrame = previousCallFrame;
@@ -4095 +4116 @@
         if (constructType == ConstructTypeJS) {
             ScopeChainNode* callDataScopeChain = constructData.js.scopeChain;
-            CodeBlock* newCodeBlock = &constructData.js.functionExecutable->bytecodeForConstruct(callFrame, callDataScopeChain);
+            CodeBlock* newCodeBlock = constructData.js.functionExecutable->bytecodeForConstruct(callFrame, callDataScopeChain);
 
             CallFrame* previousCallFrame = callFrame;
 
-            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (newCodeBlock)
+                callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            else
+                callFrame = 0;
+
             if (UNLIKELY(!callFrame)) {
                 callFrame = previousCallFrame;