Title: [148062] trunk/Source/_javascript_Core
- Revision
- 148062
- Author
- [email protected]
- Date
- 2013-04-09 16:28:59 -0700 (Tue, 09 Apr 2013)
Log Message
Add liveness tests to JSC API entry points
https://bugs.webkit.org/show_bug.cgi?id=114318
Reviewed by Filip Pizlo.
Add simple checks for the existence of a method table on any
JSCells passed across the API. This in turn forces a structure
validity test.
* API/APICast.h:
(toJS):
(toJSForGC):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/API/APICast.h (148061 => 148062)
--- trunk/Source/_javascript_Core/API/APICast.h 2013-04-09 23:22:42 UTC (rev 148061)
+++ trunk/Source/_javascript_Core/API/APICast.h 2013-04-09 23:28:59 UTC (rev 148062)
@@ -67,15 +67,19 @@
JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(const_cast<OpaqueJSValue*>(v));
if (!jsCell)
return JSC::jsNull();
+ JSC::JSValue result;
if (jsCell->isAPIValueWrapper())
- return JSC::jsCast<JSC::JSAPIValueWrapper*>(jsCell)->value();
- return jsCell;
+ result = JSC::jsCast<JSC::JSAPIValueWrapper*>(jsCell)->value();
+ else
+ result = jsCell;
#else
JSC::JSValue result = JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
+#endif
if (!result)
return JSC::jsNull();
+ if (result.isCell())
+ RELEASE_ASSERT(result.asCell()->methodTable());
return result;
-#endif
}
inline JSC::JSValue toJSForGC(JSC::ExecState* exec, JSValueRef v)
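Review bot: In the JSVALUE32_64 branch the new assertion runs only after `jsCell->isAPIValueWrapper()` has been called on the unvalidated pointer, so a stale JSValueRef is dereferenced before the check can trip. That call presumably reads the cell's structure, though its body is not visible here. When the cell is a wrapper, the later assertion tests the unwrapped value, not the wrapper cell that crossed the API boundary. Consider asserting on the raw cell first, with `RELEASE_ASSERT(jsCell->methodTable());` directly after the `if (!jsCell)` null check, and keeping the post-`#endif` check for the decoded path. The signature and opening of toJS lie outside this hunk.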
@@ -85,15 +89,21 @@
JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(const_cast<OpaqueJSValue*>(v));
if (!jsCell)
return JSC::JSValue();
- return jsCell;
+ JSC::JSValue result = jsCell;
#else
- return JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
+ JSC::JSValue result = JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
#endif
+ if (result && result.isCell())
+ RELEASE_ASSERT(result.asCell()->methodTable());
+ return result;
}
inline JSC::JSObject* toJS(JSObjectRef o)
{
- return reinterpret_cast<JSC::JSObject*>(o);
+ JSC::JSObject* object = reinterpret_cast<JSC::JSObject*>(o);
+ if (object)
+ RELEASE_ASSERT(object->methodTable());
+ return object;
}
inline JSC::PropertyNameArray* toJS(JSPropertyNameAccumulatorRef a)
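Review bot: The `RELEASE_ASSERT(...->methodTable())` pattern now appears three times (toJS in the previous hunk, toJSForGC and toJS(JSObjectRef) here) with no comment stating what it guards against or how far it can be trusted. A non-null method table is a tripwire for stale or corrupted cells, not proof of liveness: a freed cell whose storage has been reused by another well-formed cell would presumably still pass. I would factor the check into one helper, for example `static inline void assertCellLooksLive(JSC::JSCell* cell) { RELEASE_ASSERT(cell->methodTable()); }`, and document it with `// Best-effort tripwire for stale cells handed in by API clients; does not prove the cell is live.` so later callers do not treat it as full validation.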
Modified: trunk/Source/_javascript_Core/ChangeLog (148061 => 148062)
--- trunk/Source/_javascript_Core/ChangeLog 2013-04-09 23:22:42 UTC (rev 148061)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-04-09 23:28:59 UTC (rev 148062)
@@ -1,3 +1,18 @@
+2013-04-09 Oliver Hunt <[email protected]>
+
+ Add liveness tests to JSC API entry points
+ https://bugs.webkit.org/show_bug.cgi?id=114318
+
+ Reviewed by Filip Pizlo.
+
+ Add simple checks for the existence of a method table on any
+ JSCells passed across the API. This in turn forces a structure
+ validity test.
+
+ * API/APICast.h:
+ (toJS):
+ (toJSForGC):
+
2013-04-09 Balazs Kilvady <[email protected]>
LLInt conditional branch compilation fault on MIPS.