Reviewers: danno, Paul Lind, kisg, Yang,

Message:
Fully building and testing v8 on MIPS requires the following patches to be
landed:

http://codereview.chromium.org/8561001/
http://codereview.chromium.org/8743010/
http://codereview.chromium.org/8744012/
http://codereview.chromium.org/8743009/
http://codereview.chromium.org/8742012/
http://codereview.chromium.org/8745012/
http://codereview.chromium.org/8746015/
http://codereview.chromium.org/8747011/

Description:
MIPS: Catch non-string subject in RegExpExecStub.

Port r10064 (9c6789a3)

Original commit message:
There is no test case to trigger any crash. This is only to guard against the
case that the native function is called with unsafe arguments.

BUG=
TEST=


Please review this at http://codereview.chromium.org/8742012/

Affected files:
  M src/mips/code-stubs-mips.cc


Index: src/mips/code-stubs-mips.cc
diff --git a/src/mips/code-stubs-mips.cc b/src/mips/code-stubs-mips.cc
index b26e0b435e9e4b0808491d189259b05a0347e873..679b23fffa39f8215282bb1dc018dfac2f7d0e22 100644
--- a/src/mips/code-stubs-mips.cc
+++ b/src/mips/code-stubs-mips.cc
@@ -4746,7 +4746,8 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
   Label seq_string;
   __ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
   __ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
-  // First check for flat string.
+ // First check for flat string. None of the following string type tests will
+  // succeed if kIsNotStringTag is set.
   __ And(a1, a0, Operand(kIsNotStringMask | kStringRepresentationMask));
   STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
   __ Branch(&seq_string, eq, a1, Operand(zero_reg));
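Review bot: The added comment on the flat-string check names kIsNotStringTag, but the code in this patch only uses kIsNotStringMask (in the And on the following line) and kNotStringTag (in the STATIC_ASSERT added further down). Reword the comment in terms of the mask that is actually tested, for example "if any bit of kIsNotStringMask is set", so that a reader searching for the constant finds it.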
@@ -4754,6 +4755,7 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
   // subject: Subject string
   // a0: instance type if Subject string
   // regexp_data: RegExp data (FixedArray)
+  // a1: whether subject is a string and if yes, its string representation
   // Check for flat cons string or sliced string.
   // A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons
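Review bot: The new a1 line in the register comment block is vague about what the register holds, and it sits after regexp_data rather than next to a0. a1 was set by And(a1, a0, Operand(kIsNotStringMask | kStringRepresentationMask)) in the previous hunk, so state that directly, for example "a1: instance type & (kIsNotStringMask | kStringRepresentationMask)", and place the line directly under the a0 entry.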
@@ -4763,9 +4765,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
   Label cons_string, check_encoding;
   STATIC_ASSERT(kConsStringTag < kExternalStringTag);
   STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
+  STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
   __ Branch(&cons_string, lt, a1, Operand(kExternalStringTag));
   __ Branch(&runtime, eq, a1, Operand(kExternalStringTag));

+  // Catch non-string subject (should already have been guarded against).
+  STATIC_ASSERT(kNotStringTag != 0);
+  __ And(at, a1, Operand(kIsNotStringMask));
+  __ Branch(&runtime, ne, at, Operand(zero_reg));
+
   // String is sliced.
   __ lw(t0, FieldMemOperand(subject, SlicedString::kOffsetOffset));
   __ sra(t0, t0, kSmiTagSize);
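Review bot: STATIC_ASSERT(kNotStringTag != 0) above the new And/Branch pair is only sufficient if kNotStringTag lies within kIsNotStringMask, which nothing visible here states; asserting (kNotStringTag & kIsNotStringMask) != 0 would tie the tag to the bits the And actually tests. The comment "should already have been guarded against" would also be more useful if it named where the earlier guard is, since the commit message says there is no test case and TEST= is empty, so this branch to runtime is unexercised.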


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev