Revision: 10097
Author: [email protected]
Date: Wed Nov 30 08:36:00 2011
Log: MIPS: Catch non-string subject in RegExpExecStub.
Port r10064 (9c6789a3)
Original commit message:
There is no test case to trigger any crash. This is only to guard against
the case that the native function is called with unsafe arguments.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8742012
Patch from Daniel Kalmar <[email protected]>.
http://code.google.com/p/v8/source/detail?r=10097
Modified:
/branches/bleeding_edge/src/mips/code-stubs-mips.cc
=======================================
--- /branches/bleeding_edge/src/mips/code-stubs-mips.cc Thu Nov 24 07:17:04
2011
+++ /branches/bleeding_edge/src/mips/code-stubs-mips.cc Wed Nov 30 08:36:00
2011
@@ -4746,7 +4746,8 @@
Label seq_string;
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
- // First check for flat string.
+ // First check for flat string. None of the following string type tests
will
+ // succeed if kIsNotStringTag is set.
__ And(a1, a0, Operand(kIsNotStringMask | kStringRepresentationMask));
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
__ Branch(&seq_string, eq, a1, Operand(zero_reg));
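Review bot: The new comment names `kIsNotStringTag`, but the constants used in the visible code are `kIsNotStringMask` (in the `And` that follows the comment) and `kNotStringTag` (in a later STATIC_ASSERT). Unless a constant of that name is defined elsewhere, the second comment line should read `// succeed if the kIsNotStringMask bit is set.` so that a search for the constant finds this dependency. The enclosing function starts and ends outside the hunk.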
@@ -4754,6 +4755,7 @@
// subject: Subject string
// a0: instance type if Subject string
// regexp_data: RegExp data (FixedArray)
+ // a1: whether subject is a string and if yes, its string representation
// Check for flat cons string or sliced string.
// A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the
cons
@@ -4763,9 +4765,15 @@
Label cons_string, check_encoding;
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
+ STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
__ Branch(&cons_string, lt, a1, Operand(kExternalStringTag));
__ Branch(&runtime, eq, a1, Operand(kExternalStringTag));
+ // Catch non-string subject (should already have been guarded against).
+ STATIC_ASSERT(kNotStringTag != 0);
+ __ And(at, a1, Operand(kIsNotStringMask));
+ __ Branch(&runtime, ne, at, Operand(zero_reg));
+
// String is sliced.
__ lw(t0, FieldMemOperand(subject, SlicedString::kOffsetOffset));
__ sra(t0, t0, kSmiTagSize);
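Review bot: The comment on the added guard says only that the case "should already have been guarded against"; it does not say why falling through is unsafe or that the guard depends on the branches above it. The loads after the guard read `SlicedString::kOffsetOffset` from `subject`, so a non-string reaching that point would be read as a sliced string, and non-strings avoid the `lt` branch to `cons_string` only because of the `kIsNotStringMask > kExternalStringTag` assertion. I would write `// Non-string subject must go to the runtime: the code below reads SlicedString fields from it, and the lt test above excludes it only via the STATIC_ASSERT on kIsNotStringMask.` The earlier guard the comment refers to is not visible in this hunk, so naming it would help; the function continues outside the hunk.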