Revision: 10064
Author:   [email protected]
Date:     Thu Nov 24 10:36:24 2011
Log:      Catch non-string subject in RegExpExecStub.

There is no test case to trigger any crash. This is only to guard against the case where the native function is called with unsafe arguments.

Review URL: http://codereview.chromium.org/8554004
http://code.google.com/p/v8/source/detail?r=10064

Modified:
 /branches/bleeding_edge/src/arm/code-stubs-arm.cc
 /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc
 /branches/bleeding_edge/src/x64/code-stubs-x64.cc

=======================================
--- /branches/bleeding_edge/src/arm/code-stubs-arm.cc Thu Nov 24 07:17:04 2011
+++ /branches/bleeding_edge/src/arm/code-stubs-arm.cc Thu Nov 24 10:36:24 2011
@@ -4600,13 +4600,15 @@
   Label seq_string;
   __ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
   __ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
-  // First check for flat string.
+ // First check for flat string. None of the following string type tests will
+  // succeed if kIsNotStringTag is set.
__ and_(r1, r0, Operand(kIsNotStringMask | kStringRepresentationMask), SetCC);
   STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
   __ b(eq, &seq_string);

   // subject: Subject string
   // regexp_data: RegExp data (FixedArray)
+  // r1: whether subject is a string and if yes, its string representation
   // Check for flat cons string or sliced string.
   // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons
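Review bot: The rewritten comment on the flat-string check says the later type tests fail "if kIsNotStringTag is set", but the identifiers the code actually uses are the mask `kIsNotStringMask` (in the `and_` right below) and the tag `kNotStringTag` (in the STATIC_ASSERT added in the next hunk), so the name in the comment does not appear to match either. If the constant is indeed `kNotStringTag`, the comment should read `// succeed if the kIsNotStringMask bit (kNotStringTag) is set.` so a reader can grep for it. The same comment text is added in the ia32 and x64 hunks below and should be corrected there as well. The enclosing stub body starts before and ends after this hunk.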
@@ -4616,10 +4618,16 @@
   Label cons_string, check_encoding;
   STATIC_ASSERT(kConsStringTag < kExternalStringTag);
   STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
+  STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
   __ cmp(r1, Operand(kExternalStringTag));
   __ b(lt, &cons_string);
   __ b(eq, &runtime);

+  // Catch non-string subject (should already have been guarded against).
+  STATIC_ASSERT(kNotStringTag != 0);
+  __ tst(r1, Operand(kIsNotStringMask));
+  __ b(ne, &runtime);
+
   // String is sliced.
   __ ldr(r9, FieldMemOperand(subject, SlicedString::kOffsetOffset));
   __ mov(r9, Operand(r9, ASR, kSmiTagSize));
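Review bot: The new `tst(r1, Operand(kIsNotStringMask))` is placed after the `b(lt, &cons_string)` branch, which is only sound because the added `STATIC_ASSERT(kIsNotStringMask > kExternalStringTag)` guarantees a non-string value can never compare less than `kExternalStringTag`; neither comment states that ordering dependency, so a later reordering of the branches could quietly bypass the guard. I would expand the comment on the new test to `// Catch non-string subject (should already have been guarded against). It is safe to do this after the cons_string branch because kIsNotStringMask exceeds every representation tag (asserted above).` The ia32 and x64 hunks below add the same test/assert sequence and would benefit from the same comment. The enclosing stub body starts before and ends after this hunk.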
=======================================
--- /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Thu Nov 24 07:17:04 2011
+++ /branches/bleeding_edge/src/ia32/code-stubs-ia32.cc Thu Nov 24 10:36:24 2011
@@ -3603,10 +3603,12 @@
kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask);
   STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
   __ j(zero, &seq_two_byte_string, Label::kNear);
-  // Any other flat string must be a flat ascii string.
+ // Any other flat string must be a flat ascii string. None of the following
+  // string type tests will succeed if kIsNotStringTag is set.
   __ and_(ebx, Immediate(kIsNotStringMask | kStringRepresentationMask));
   __ j(zero, &seq_ascii_string, Label::kNear);

+  // ebx: whether subject is a string and if yes, its string representation
   // Check for flat cons string or sliced string.
   // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons
@@ -3616,10 +3618,16 @@
   Label cons_string, check_encoding;
   STATIC_ASSERT(kConsStringTag < kExternalStringTag);
   STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
+  STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
   __ cmp(ebx, Immediate(kExternalStringTag));
   __ j(less, &cons_string);
   __ j(equal, &runtime);

+  // Catch non-string subject (should already have been guarded against).
+  STATIC_ASSERT(kNotStringTag != 0);
+  __ test(ebx, Immediate(kIsNotStringMask));
+  __ j(not_zero, &runtime);
+
   // String is sliced.
   __ mov(edi, FieldOperand(eax, SlicedString::kOffsetOffset));
   __ mov(eax, FieldOperand(eax, SlicedString::kParentOffset));
=======================================
--- /branches/bleeding_edge/src/x64/code-stubs-x64.cc Thu Nov 24 07:17:04 2011
+++ /branches/bleeding_edge/src/x64/code-stubs-x64.cc Thu Nov 24 10:36:24 2011
@@ -2650,10 +2650,12 @@
       kIsNotStringMask | kStringRepresentationMask | kStringEncodingMask));
   STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
   __ j(zero, &seq_two_byte_string, Label::kNear);
-  // Any other flat string must be a flat ascii string.
+ // Any other flat string must be a flat ascii string. None of the following
+  // string type tests will succeed if kIsNotStringTag is set.
   __ andb(rbx, Immediate(kIsNotStringMask | kStringRepresentationMask));
   __ j(zero, &seq_ascii_string, Label::kNear);

+  // rbx: whether subject is a string and if yes, its string representation
   // Check for flat cons string or sliced string.
   // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons
@@ -2663,10 +2665,16 @@
   Label cons_string, check_encoding;
   STATIC_ASSERT(kConsStringTag < kExternalStringTag);
   STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
+  STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
   __ cmpq(rbx, Immediate(kExternalStringTag));
   __ j(less, &cons_string, Label::kNear);
   __ j(equal, &runtime);

+  // Catch non-string subject (should already have been guarded against).
+  STATIC_ASSERT(kNotStringTag != 0);
+  __ testb(rbx, Immediate(kIsNotStringMask));
+  __ j(not_zero, &runtime);
+
   // String is sliced.
   __ SmiToInteger32(r14, FieldOperand(rdi, SlicedString::kOffsetOffset));
   __ movq(rdi, FieldOperand(rdi, SlicedString::kParentOffset));
