[v8-dev] [v8] r10319 committed - Make Runtime_Apply safer....

Mon, 02 Jan 2012 07:23:32 -0800 

Revision: 10319
Author:   [email protected]
Date:     Mon Jan  2 07:22:21 2012
Log:      Make Runtime_Apply safer.

There is a call to Object::GetElement that could conceivably cause a GC.
Handlify all raw pointer local variables.

[email protected]
BUG=
TEST=

Review URL: http://codereview.chromium.org/8952028
http://code.google.com/p/v8/source/detail?r=10319

Modified:
 /branches/bleeding_edge/src/runtime.cc

=======================================
--- /branches/bleeding_edge/src/runtime.cc      Wed Dec 28 07:14:33 2011
+++ /branches/bleeding_edge/src/runtime.cc      Mon Jan  2 07:22:21 2012
@@ -1,4 +1,4 @@
-// Copyright 2011 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -8707,14 +8707,11 @@
 RUNTIME_FUNCTION(MaybeObject*, Runtime_Apply) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 5);
-  CONVERT_CHECKED(JSReceiver, fun, args[0]);
-  Object* receiver = args[1];
-  CONVERT_CHECKED(JSObject, arguments, args[2]);
-  CONVERT_CHECKED(Smi, shift, args[3]);
-  CONVERT_CHECKED(Smi, arity, args[4]);
-
-  int offset = shift->value();
-  int argc = arity->value();
+  CONVERT_ARG_CHECKED(JSReceiver, fun, 0);
+  Handle<Object> receiver = args.at<Object>(1);
+  CONVERT_ARG_CHECKED(JSObject, arguments, 2);
+  CONVERT_SMI_ARG_CHECKED(offset, 3);
+  CONVERT_SMI_ARG_CHECKED(argc, 4);
   ASSERT(offset >= 0);
   ASSERT(argc >= 0);

@@ -8730,17 +8727,12 @@
   }

   for (int i = 0; i < argc; ++i) {
-     MaybeObject* maybe = arguments->GetElement(offset + i);
-     Object* object;
-     if (!maybe->To<Object>(&object)) return maybe;
-     argv[i] = Handle<Object>(object);
+    argv[i] = Object::GetElement(arguments, offset + i);
   }

   bool threw;
-  Handle<JSReceiver> hfun(fun);
-  Handle<Object> hreceiver(receiver);
   Handle<Object> result =
-      Execution::Call(hfun, hreceiver, argc, argv, &threw, true);
+      Execution::Call(fun, receiver, argc, argv, &threw, true);

   if (threw) return Failure::Exception();
   return *result;

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to