Changeset 62432 in webkit for trunk/JavaScriptCore/interpreter


Timestamp:
Jul 2, 2010, 9:52:45 PM
Author:
[email protected]
Message:

Clamp the number of arguments supported by function.apply
https://bugs.webkit.org/show_bug.cgi?id=41351
<rdar://problem/8142141>

Reviewed by Gavin Barraclough.

JavaScriptCore:

Add clamping logic to function.apply similar to that
enforced by Firefox. We have a smaller clamp than
Firefox as our calling convention means that stack
usage is proportional to argument count -- the Firefox
limit is larger than you could actually call.

  • interpreter/Interpreter.cpp:
    (JSC::Interpreter::privateExecute):
  • jit/JITStubs.cpp:
    (JSC::DEFINE_STUB_FUNCTION):
  • runtime/Arguments.h:
    (JSC::Arguments::):

LayoutTests:

Test cases.

  • fast/js/function-apply-many-args-expected.txt: Added.
  • fast/js/function-apply-many-args.html: Added.
  • fast/js/script-tests/function-apply-many-args.js: Added.
  • trunk/JavaScriptCore/interpreter/Interpreter.cpp

    r61778 r62432  
    36973697        if (!arguments) {
    36983698            argCount = (uint32_t)(callFrame->argumentCount());
     3699            argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
    36993700            int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
    37003701            Register* newEnd = callFrame->registers() + sizeDelta;
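Review bot: the clamp on the new line 3699 runs after the value has already been converted to the signed argCount (the `(uint32_t)` cast on the previous line and the `static_cast<int32_t>(Arguments::MaxArguments)` in the `min` call show that argCount is a signed 32-bit value). If the unsigned count were ever large enough to wrap negative, `min` would keep the negative value rather than clamp it, and the `sizeDelta` computed on the next line would be wrong. Clamping in unsigned arithmetic before the assignment, e.g. `argCount = std::min(callFrame->argumentCount(), Arguments::MaxArguments);`, makes the bound hold regardless of the source value's range. In this branch the count comes from the current call frame, so it is bounded in practice, but the ordering matters more in the branches below.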
     
    37233724                Arguments* args = asArguments(arguments);
    37243725                argCount = args->numProvidedArguments(callFrame);
     3726                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
    37253727                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
    37263728                Register* newEnd = callFrame->registers() + sizeDelta;
     
    37333735                JSArray* array = asArray(arguments);
    37343736                argCount = array->length();
     3737                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
    37353738                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
    37363739                Register* newEnd = callFrame->registers() + sizeDelta;
     
    37433746                JSObject* argObject = asObject(arguments);
    37443747                argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
     3748                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
    37453749                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
    37463750                Register* newEnd = callFrame->registers() + sizeDelta;