Bug 916612 - Move the too-many args+vars checks (r=wingo)

--HG--
extra : rebase_source : 37d14fb62f780aa977d961028e6f30c572771744
This commit is contained in:
Luke Wagner 2014-01-16 11:02:01 -06:00
parent 600ca726d8
commit 128328702b
3 changed files with 22 additions and 15 deletions


@ -149,6 +149,10 @@ ParseContext<FullParseHandler>::define(TokenStream &ts,
return false;
if (!args_.append(dn))
return false;
if (args_.length() >= ARGNO_LIMIT) {
ts.reportError(JSMSG_TOO_MANY_FUN_ARGS);
return false;
}
if (name == ts.names().empty)
break;
if (!decls_.addUnique(name, dn))
@ -164,6 +168,10 @@ ParseContext<FullParseHandler>::define(TokenStream &ts,
return false;
if (!vars_.append(dn))
return false;
if (vars_.length() >= SLOTNO_LIMIT) {
ts.reportError(JSMSG_TOO_MANY_LOCALS);
return false;
}
}
if (!decls_.addUnique(name, dn))
return false;
@ -195,8 +203,14 @@ ParseContext<SyntaxParseHandler>::define(TokenStream &ts, HandlePropertyName nam
lexdeps->remove(name);
// Keep track of the number of arguments in args_, for fun->nargs.
if (kind == Definition::ARG && !args_.append((Definition *) nullptr))
return false;
if (kind == Definition::ARG) {
if (!args_.append((Definition *) nullptr))
return false;
if (args_.length() >= ARGNO_LIMIT) {
ts.reportError(JSMSG_TOO_MANY_FUN_ARGS);
return false;
}
}
return decls_.addUnique(name, kind);
}
@ -291,6 +305,8 @@ ParseContext<ParseHandler>::generateFunctionBindings(ExclusiveContext *cx, LifoA
InternalHandle<Bindings*> bindings) const
{
JS_ASSERT(sc->isFunctionBox());
JS_ASSERT(args_.length() < ARGNO_LIMIT);
JS_ASSERT(vars_.length() < SLOTNO_LIMIT);
unsigned count = args_.length() + vars_.length();
Binding *packedBindings = alloc.newArrayUninitialized<Binding>(count);
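Review bot: The ParseContext<SyntaxParseHandler>::define hunk adds the ARGNO_LIMIT check for args_ but no SLOTNO_LIMIT counterpart for vars_, while the generateFunctionBindings hunk now asserts `vars_.length() < SLOTNO_LIMIT` for either handler. If the syntax-only handler never appends to vars_ this is harmless, but a one-line comment at the new block, `// vars_ is not tracked in syntax-only mode, so only the argument limit is enforced here`, would keep the next reader from re-adding a check that cannot fire. The two-line `if (kind == Definition::ARG && !args_.append((Definition *) nullptr))` form printed just before the new block reads as the pre-change version despite the lost marker; had it survived on the new side every argument would be appended twice, so worth confirming against the raw diff. Note also that both new checks run after the append and use `>=`, so the invariant they establish is strictly `length < LIMIT`, which matches the `<` assertions added below.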


@ -191,13 +191,11 @@ SET_UINT32_INDEX(jsbytecode *pc, uint32_t index)
#define INDEX_LIMIT_LOG2 23
#define INDEX_LIMIT (uint32_t(1) << INDEX_LIMIT_LOG2)
/* Actual argument count operand format helpers. */
#define ARGC_HI(argc) UINT16_HI(argc)
#define ARGC_LO(argc) UINT16_LO(argc)
#define GET_ARGC(pc) GET_UINT16(pc)
#define ARGC_LIMIT UINT16_LIMIT
/* Synonyms for quick JOF_QARG and JOF_LOCAL bytecodes. */
#define GET_ARGNO(pc) GET_UINT16(pc)
#define SET_ARGNO(pc,argno) SET_UINT16(pc,argno)
#define ARGNO_LEN 2
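Review bot: GET_ARGNO/SET_ARGNO still encode an argument index as a 16-bit operand, so the ARGNO_LIMIT value the parser now checks against must stay at or below UINT16_LIMIT, yet nothing in the visible part of this header ties the two together. Wherever ARGNO_LIMIT is defined after this change (its definition is not in the shown lines), a `JS_STATIC_ASSERT(ARGNO_LIMIT <= UINT16_LIMIT);` next to the accessor macros would pin that coupling; the same applies to SLOTNO_LIMIT and the local-slot accessors if they share the 16-bit operand format.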


@ -70,18 +70,11 @@ Bindings::initWithTemporaryStorage(ExclusiveContext *cx, InternalBindingsHandle
{
JS_ASSERT(!self->callObjShape_);
JS_ASSERT(self->bindingArrayAndFlag_ == TEMPORARY_STORAGE_BIT);
if (numArgs > UINT16_MAX || numVars > UINT16_MAX) {
if (cx->isJSContext()) {
JS_ReportErrorNumber(cx->asJSContext(), js_GetErrorMessage, nullptr,
self->numArgs_ > self->numVars_ ?
JSMSG_TOO_MANY_FUN_ARGS :
JSMSG_TOO_MANY_LOCALS);
}
return false;
}
JS_ASSERT(!(uintptr_t(bindingArray) & TEMPORARY_STORAGE_BIT));
JS_ASSERT(numArgs <= ARGC_LIMIT);
JS_ASSERT(numVars <= SLOTNO_LIMIT);
JS_ASSERT(UINT32_MAX - numArgs >= numVars);
self->bindingArrayAndFlag_ = uintptr_t(bindingArray) | TEMPORARY_STORAGE_BIT;
self->numArgs_ = numArgs;
self->numVars_ = numVars;
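Review bot: The release-mode bound check on numArgs/numVars is replaced by JS_ASSERTs, which compile out in non-debug builds, so any caller of Bindings::initWithTemporaryStorage other than the parser (if script-decoding or cloning paths reach it) now gets no runtime rejection of an out-of-range count at this layer. If the parser is the only producer, say so at the signature, `// Callers must already have rejected numArgs/numVars beyond ARGNO_LIMIT/SLOTNO_LIMIT; this function only asserts it.`; otherwise keep a non-assert guard. The new assertions are also looser than what the parser establishes: the parser errors at `>= ARGNO_LIMIT` and `>= SLOTNO_LIMIT`, whereas here the asserts use `<=` and compare numArgs against ARGC_LIMIT rather than ARGNO_LIMIT, so `JS_ASSERT(numArgs < ARGNO_LIMIT); JS_ASSERT(numVars < SLOTNO_LIMIT);` would state the actual invariant, assuming ARGNO_LIMIT is visible from this file. The function body continues past the end of the hunk.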