Reviewers: Erik Corry, Mads Ager,

Message:
On 2010/02/09 07:50:21, Mads Ager wrote:
On 2010/02/08 19:27:13, Erik Corry wrote:
> I think this is a very good idea and definitely worth doing for the other
> architectures too.  Perhaps we should just abort the VM if the arg count
> mismatches?  As long as we get a reasonable stack trace that seems safer
> than continuing after an attacker has attempted to subvert the %_ natives.

As discussed offline, I would throw a compile-time exception in case of arg count mismatch. That matches the way we handle inconsistencies in the other
runtime functions.

This is now updated to throw a syntax error in case of passing an unexpected
number of arguments to a runtime function (for the runtime functions implemented
in C++ and the inline ones).

Ported to x64 and ARM as well.

Could you have another look?

Description:
Add fuzzing support for inline runtime functions

The inline runtime functions are now included in the fuzzing of the natives. The check for the expected number of arguments passed has been moved to the parser, which will generate a syntax error if a runtime function (either C++ or inline) is called with a different number of arguments than expected.

Please review this at http://codereview.chromium.org/573056

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/arm/codegen-arm.h
  M     src/arm/codegen-arm.cc
  M     src/codegen.h
  M     src/codegen.cc
  M     src/ia32/codegen-ia32.h
  M     src/ia32/codegen-ia32.cc
  M     src/math.js
  M     src/messages.js
  M     src/parser.cc
  M     src/runtime.cc
  M     src/x64/codegen-x64.h
  M     src/x64/codegen-x64.cc
  M     test/cctest/test-log-stack-tracer.cc
  M     test/mjsunit/fuzz-natives.js
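The parser-side arity check that the description above describes, as an added illustration in Python rather than V8's own C++: `%Name(...)` and `%_Name(...)` calls are matched against an arity table at parse time and rejected with a syntax error, and a small fuzz loop in the spirit of fuzz-natives.js confirms that every wrong argument count is rejected. The arity table and function names are constructed assumptions, not V8's real list.

```python
import re

# Constructed arity table (assumption, not V8's real runtime function list):
# name -> expected argument count. Names starting with "_" are the inline ones.
RUNTIME_ARITY = {
    "IsSmi": 1, "_IsSmi": 1,
    "StringCharCodeAt": 2, "_StringCharCodeAt": 2,
    "Math_pow": 2, "_ArgumentsLength": 0,
}

# Matches the start of a runtime call: %Name( or %_Name(
CALL_RE = re.compile(r"%(_?[A-Za-z0-9_]+)\s*\(")

def _split_args(src, start):
    """Split the argument list that begins right after '(' at src[start].
    Returns (args, index just past the closing ')'); nesting is respected."""
    depth, args, cur, i = 0, [], [], start
    while i < len(src):
        c = src[i]
        if c in "([{":
            depth += 1
        elif c in ")]}":
            if depth == 0:
                if cur or args:
                    args.append("".join(cur).strip())
                return args, i + 1
            depth -= 1
        elif c == "," and depth == 0:
            args.append("".join(cur).strip())
            cur, i = [], i + 1
            continue
        cur.append(c)
        i += 1
    raise SyntaxError("unterminated runtime call")

def check_runtime_calls(src):
    """Parser-side check: every runtime call must match its expected arity.
    Returns the (name, argc) pairs seen; raises SyntaxError on mismatch."""
    seen = []
    for m in CALL_RE.finditer(src):
        name = m.group(1)
        args, _ = _split_args(src, m.end())
        expected = RUNTIME_ARITY.get(name)
        if expected is None:
            raise SyntaxError("unknown runtime function %%%s" % name)
        if len(args) != expected:
            raise SyntaxError("%%%s expects %d arguments, got %d"
                              % (name, expected, len(args)))
        seen.append((name, len(args)))
    return seen

def rejects(src):
    """True if the parser check raises a SyntaxError for src."""
    try:
        check_runtime_calls(src)
    except SyntaxError:
        return True
    return False

def fuzz_arity(name, max_extra=2):
    """Like fuzz-natives.js: try every wrong argument count up to expected +
    max_extra and return the counts the parser rejected (should be all)."""
    expected = RUNTIME_ARITY[name]
    rejected = []
    for argc in range(0, expected + max_extra + 1):
        if argc == expected:
            continue
        call = "%%%s(%s);" % (name, ", ".join("a%d" % i for i in range(argc)))
        if rejects(call):
            rejected.append(argc)
    return rejected
```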


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
