Bug 990096, part 2 - Crash on OOM for various small allocations in Yarr. r=h4writer.

Jason Orendorff 2014-04-04 17:03:13 -05:00
parent 25b1fa6770
commit 4a3e9de378
5 changed files with 68 additions and 17 deletions


@ -2632,14 +2632,14 @@ static const char _wordcharData[65536] = {
CharacterClass* digitsCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>();
CharacterClass* characterClass = newOrCrash<CharacterClass>();
characterClass->m_ranges.append(CharacterRange(0x30, 0x39));
return characterClass;
}
CharacterClass* nondigitsCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>();
CharacterClass* characterClass = newOrCrash<CharacterClass>();
characterClass->m_ranges.append(CharacterRange(0x00, 0x2f));
characterClass->m_ranges.append(CharacterRange(0x3a, 0x7f));
characterClass->m_rangesUnicode.append(CharacterRange(0x0080, 0xffff));
@ -2648,7 +2648,7 @@ CharacterClass* nondigitsCreate()
CharacterClass* newlineCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>();
CharacterClass* characterClass = newOrCrash<CharacterClass>();
characterClass->m_matches.append(0x0a);
characterClass->m_matches.append(0x0d);
characterClass->m_matchesUnicode.append(0x2028);
@ -2658,7 +2658,7 @@ CharacterClass* newlineCreate()
CharacterClass* spacesCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>(_spacesData, false);
CharacterClass* characterClass = newOrCrash<CharacterClass>(_spacesData, false);
characterClass->m_ranges.append(CharacterRange(0x09, 0x0d));
characterClass->m_matches.append(0x20);
characterClass->m_matchesUnicode.append(0x00a0);
@ -2676,7 +2676,7 @@ CharacterClass* spacesCreate()
CharacterClass* nonspacesCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>(_spacesData, true);
CharacterClass* characterClass = newOrCrash<CharacterClass>(_spacesData, true);
characterClass->m_ranges.append(CharacterRange(0x00, 0x08));
characterClass->m_ranges.append(CharacterRange(0x0e, 0x1f));
characterClass->m_ranges.append(CharacterRange(0x21, 0x7f));
@ -2695,7 +2695,7 @@ CharacterClass* nonspacesCreate()
CharacterClass* nonwordcharCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>(_wordcharData, true);
CharacterClass* characterClass = newOrCrash<CharacterClass>(_wordcharData, true);
characterClass->m_ranges.append(CharacterRange(0x00, 0x2f));
characterClass->m_ranges.append(CharacterRange(0x3a, 0x40));
characterClass->m_ranges.append(CharacterRange(0x5b, 0x5e));
@ -2707,7 +2707,7 @@ CharacterClass* nonwordcharCreate()
CharacterClass* wordcharCreate()
{
CharacterClass* characterClass = js_new<CharacterClass>(_wordcharData, false);
CharacterClass* characterClass = newOrCrash<CharacterClass>(_wordcharData, false);
characterClass->m_ranges.append(CharacterRange(0x30, 0x39));
characterClass->m_ranges.append(CharacterRange(0x41, 0x5a));
characterClass->m_matches.append(0x5f);
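Review bot: The allocation is now fail-fast, but the `m_ranges.append` / `m_matches.append` / `m_matchesUnicode.append` calls on the lines immediately after each `newOrCrash<CharacterClass>()` also allocate, and nothing in these hunks shows what happens when one of them fails. If the Yarr Vector wrapper does not already crash on a failed append, an OOM there silently yields a CharacterClass with missing ranges — a wrong match result rather than a crash — so the fail-fast policy is only half applied; please confirm the wrapper's behaviour and either rely on it explicitly or check those results. The same question applies to `terms.reserve` / `terms.append` in the YarrInterpreter.h hunks, `m_disjunctions.append` in YarrPattern.cpp and `m_alternatives.append` in YarrPattern.h. A one-line comment at the first call site would make the intent visible, e.g. `// newOrCrash never returns null: OOM terminates via js::CrashAtUnhandlableOOM.`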


@ -1505,7 +1505,7 @@ public:
emitDisjunction(m_pattern.m_body);
regexEnd();
return adoptPtr(js_new<BytecodePattern>(m_bodyDisjunction.release(), m_allParenthesesInfo, Ref<YarrPattern>(m_pattern), allocator));
return adoptPtr(newOrCrash<BytecodePattern>(m_bodyDisjunction.release(), m_allParenthesesInfo, Ref<YarrPattern>(m_pattern), allocator));
}
void checkInput(unsigned count)
@ -1736,7 +1736,7 @@ public:
unsigned subpatternId = parenthesesBegin.atom.subpatternId;
unsigned numSubpatterns = lastSubpatternId - subpatternId + 1;
ByteDisjunction* parenthesesDisjunction = js_new<ByteDisjunction>(numSubpatterns, callFrameSize);
ByteDisjunction* parenthesesDisjunction = newOrCrash<ByteDisjunction>(numSubpatterns, callFrameSize);
parenthesesDisjunction->terms.reserve(endTerm - beginTerm + 1);
parenthesesDisjunction->terms.append(ByteTerm::SubpatternBegin());
@ -1800,7 +1800,7 @@ public:
void regexBegin(unsigned numSubpatterns, unsigned callFrameSize, bool onceThrough)
{
m_bodyDisjunction = adoptPtr(js_new<ByteDisjunction>(numSubpatterns, callFrameSize));
m_bodyDisjunction = adoptPtr(newOrCrash<ByteDisjunction>(numSubpatterns, callFrameSize));
m_bodyDisjunction->terms.append(ByteTerm::BodyAlternativeBegin(onceThrough));
m_bodyDisjunction->terms[0].frameLocation = 0;
m_currentAlternativeIndex = 0;
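Review bot: The `adoptPtr(newOrCrash<BytecodePattern>(m_bodyDisjunction.release(), ...))` line in the first hunk deserves a comment, because `m_bodyDisjunction.release()` gives up ownership before the allocation runs: with `js_new` a null return would have leaked the released disjunction, whereas `newOrCrash` cannot return null, so the release is now safe — a reader should not have to reconstruct that. Suggested: `// release() is safe here: newOrCrash cannot return null, so the disjunction is always adopted.` The enclosing function starts before the hunk, as does the one containing the `parenthesesDisjunction` hunk.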


@ -187,7 +187,7 @@ public:
CharacterClass* charClass()
{
CharacterClass* characterClass = js_new<CharacterClass>();
CharacterClass* characterClass = newOrCrash<CharacterClass>();
characterClass->m_matches.swap(m_matches);
characterClass->m_ranges.swap(m_ranges);
@ -285,7 +285,7 @@ public:
, m_characterClassConstructor(pattern.m_ignoreCase)
, m_invertParentheticalAssertion(false)
{
m_pattern.m_body = js_new<PatternDisjunction>();
m_pattern.m_body = newOrCrash<PatternDisjunction>();
m_alternative = m_pattern.m_body->addNewAlternative();
m_pattern.m_disjunctions.append(m_pattern.m_body);
}
@ -299,7 +299,7 @@ public:
m_pattern.reset();
m_characterClassConstructor.reset();
m_pattern.m_body = js_new<PatternDisjunction>();
m_pattern.m_body = newOrCrash<PatternDisjunction>();
m_alternative = m_pattern.m_body->addNewAlternative();
m_pattern.m_disjunctions.append(m_pattern.m_body);
}
@ -411,7 +411,7 @@ public:
if (capture)
m_pattern.m_numSubpatterns++;
PatternDisjunction* parenthesesDisjunction = js_new<PatternDisjunction>(m_alternative);
PatternDisjunction* parenthesesDisjunction = newOrCrash<PatternDisjunction>(m_alternative);
m_pattern.m_disjunctions.append(parenthesesDisjunction);
m_alternative->m_terms.append(PatternTerm(PatternTerm::TypeParenthesesSubpattern, subpatternId, parenthesesDisjunction, capture, false));
m_alternative = parenthesesDisjunction->addNewAlternative();
@ -419,7 +419,7 @@ public:
void atomParentheticalAssertionBegin(bool invert = false)
{
PatternDisjunction* parenthesesDisjunction = js_new<PatternDisjunction>(m_alternative);
PatternDisjunction* parenthesesDisjunction = newOrCrash<PatternDisjunction>(m_alternative);
m_pattern.m_disjunctions.append(parenthesesDisjunction);
m_alternative->m_terms.append(PatternTerm(PatternTerm::TypeParentheticalAssertion, m_pattern.m_numSubpatterns + 1, parenthesesDisjunction, false, invert));
m_alternative = parenthesesDisjunction->addNewAlternative();
@ -493,7 +493,7 @@ public:
PatternAlternative* alternative = disjunction->m_alternatives[alt];
if (!filterStartsWithBOL || !alternative->m_startsWithBOL) {
if (!newDisjunction) {
newDisjunction = js_new<PatternDisjunction>();
newDisjunction = newOrCrash<PatternDisjunction>();
newDisjunction->m_parent = disjunction->m_parent;
}
PatternAlternative* newAlternative = newDisjunction->addNewAlternative();
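Review bot: In the last hunk the new `newDisjunction = newOrCrash<PatternDisjunction>();` is immediately followed by `newDisjunction->m_parent = disjunction->m_parent;`, while the two earlier hunks pass the parent to the constructor (`newOrCrash<PatternDisjunction>(m_alternative)`). If the constructor's parameter initialises that same `m_parent` pointer — which those call sites suggest but the hunk does not show — the pair of lines can become `newDisjunction = newOrCrash<PatternDisjunction>(disjunction->m_parent);`, so the disjunction is fully initialised from the point it exists and matches the other sites. The enclosing function starts outside the hunk. The constructor and `reset()` hunks also repeat the same three-line body setup (allocate body, add alternative, append to `m_disjunctions`); a small private helper such as `resetBody()` would keep that sequence, and its OOM policy, in one place.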


@ -324,7 +324,7 @@ public:
PatternAlternative* addNewAlternative()
{
PatternAlternative* alternative = js_new<PatternAlternative>(this);
PatternAlternative* alternative = newOrCrash<PatternAlternative>(this);
m_alternatives.append(alternative);
return alternative;
}


@ -275,6 +275,57 @@ class JSGlobalData {
*/
#define UNUSED_PARAM(e)
/*
* Like SpiderMonkey's allocation templates, but with more crashing.
*/
template <class T>
T *newOrCrash()
{
T *t = js_new<T>();
if (!t)
js::CrashAtUnhandlableOOM("Yarr");
return t;
}
template <class T, class P1>
T *newOrCrash(P1 &&p1)
{
T *t = js_new<T>(mozilla::Forward<P1>(p1));
if (!t)
js::CrashAtUnhandlableOOM("Yarr");
return t;
}
template <class T, class P1, class P2>
T *newOrCrash(P1 &&p1, P2 &&p2)
{
T *t = js_new<T>(mozilla::Forward<P1>(p1), mozilla::Forward<P2>(p2));
if (!t)
js::CrashAtUnhandlableOOM("Yarr");
return t;
}
template <class T, class P1, class P2, class P3>
T *newOrCrash(P1 &&p1, P2 &&p2, P3 &&p3)
{
T *t = js_new<T>(mozilla::Forward<P1>(p1), mozilla::Forward<P2>(p2), mozilla::Forward<P3>(p3));
if (!t)
js::CrashAtUnhandlableOOM("Yarr");
return t;
}
template <class T, class P1, class P2, class P3, class P4>
T *newOrCrash(P1 &&p1, P2 &&p2, P3 &&p3, P4 &&p4)
{
T *t = js_new<T>(mozilla::Forward<P1>(p1),
mozilla::Forward<P2>(p2),
mozilla::Forward<P3>(p3),
mozilla::Forward<P4>(p4));
if (!t)
js::CrashAtUnhandlableOOM("Yarr");
return t;
}
} /* namespace Yarr */
/*
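Review bot: The comment above the new `newOrCrash` templates ("Like SpiderMonkey's allocation templates, but with more crashing.") does not state the contract the call sites in the other four files now rely on — that the returned pointer is never null and that allocation failure terminates the process via `js::CrashAtUnhandlableOOM("Yarr")` — so a reader cannot tell from it why those sites dereference the result unchecked. Suggested replacement: `/* Like js_new, but never returns null: the Yarr callers have no error path for allocation failure, so an OOM here is treated as unhandlable and terminates the process via js::CrashAtUnhandlableOOM("Yarr"). */`. The five overloads also repeat the null check and the "Yarr" reason string; routing them through one small helper keeps the policy in a single place, and if the P1..P4 overload set mirrors `js_new` because variadic templates were not available on every supported compiler, that is worth a one-line comment too. The hunk ends with a trailing `/*` whose comment continues outside it.
```cpp
/* Terminates the process on a failed Yarr allocation; otherwise returns t unchanged. */
template <class T>
T *crashIfNull(T *t)
{
    if (!t)
        js::CrashAtUnhandlableOOM("Yarr");
    return t;
}

template <class T>
T *newOrCrash()
{
    return crashIfNull(js_new<T>());
}

template <class T, class P1>
T *newOrCrash(P1 &&p1)
{
    return crashIfNull(js_new<T>(mozilla::Forward<P1>(p1)));
}

// … the P2, P3 and P4 overloads follow the same shape …
```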