Timestamp:
Jul 13, 2010, 12:57:08 PM (15 years ago)
Author:
[email protected]
Message:

2010-07-12 Oliver Hunt <[email protected]>

Reviewed by Gavin Barraclough.

REGRESSION: Crash at JSC::JIT::privateCompile(JSC::MacroAssemblerCodePtr*)
https://bugs.webkit.org/show_bug.cgi?id=41763

There are two parts to this patch, the first is to fix the actual
problem. When calling copyStringWithoutBOMs on a string we know
to contain BOMs we return a value indicating that there are no
BOMs.

The second part of this fix is simply to harden the path that
led to a crash when parsing failed.

  • jit/JITOpcodes.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
  • jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
  • jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):

Harden compilation stubs against parser failure.

  • parser/Lexer.cpp: (JSC::Lexer::sourceCode):

Add assertions to ensure that subranges into a source provider
are always actually braces. Hopefully this should catch similar
failures in future. These assertions fire on existing tests
without this fix.

  • runtime/Executable.h: (JSC::FunctionExecutable::tryJitCodeForCall): (JSC::FunctionExecutable::tryJitCodeForConstruct):
  • wtf/text/StringImpl.h: (WebCore::StringImpl::copyStringWithoutBOMs):

Make copyStringWithBOMs do the right thing.

File:
1 edited
  • trunk/JavaScriptCore/runtime/Executable.h

    r62551 r63237  
    415415            return m_jitCodeForConstruct;
    416416        }
     417       
     418        bool tryJitCodeForCall(ExecState* exec, ScopeChainNode* scopeChainNode)
     419        {
     420            FunctionCodeBlock* codeBlock = bytecodeForCall(exec, scopeChainNode);
     421            if (!codeBlock)
     422                return false;
     423            if (!m_jitCodeForCall)
     424                generateJITCodeForCall(exec, scopeChainNode);
     425            return true;
     426        }
     427       
     428        bool tryJitCodeForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode)
     429        {
     430            FunctionCodeBlock* codeBlock = bytecodeForConstruct(exec, scopeChainNode);
     431            if (!codeBlock)
     432                return false;
     433            if (!m_jitCodeForConstruct)
     434                generateJITCodeForConstruct(exec, scopeChainNode);
     435            return true;
     436        }
    417437
    418438        MacroAssemblerCodePtr generatedJITCodeForCallWithArityCheck()
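Review bot: the new tryJitCodeForCall and tryJitCodeForConstruct helpers carry no comment stating the contract of their bool result, even though that contract (false means bytecodeForCall/bytecodeForConstruct returned no code block, so the caller must bail out instead of touching m_jitCodeForCall or m_jitCodeForConstruct) is the hardening the commit message describes; a one-line comment above each would make the expectation explicit at the JIT stub call sites. Minor: `codeBlock` is assigned only to be null-checked, so `if (!bytecodeForCall(exec, scopeChainNode)) return false;` says the same with one fewer local, and the two bodies are identical apart from Call versus Construct, so keep them in lockstep if either path later needs an extra check.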