[INFER] Add monitoring for premature returns in JSOP_NAME, bug 642412.

2024-09-13 09:24:08 -07:00 · 2011-03-19 17:03:18 -07:00 · 2011-03-19 17:03:18 -07:00 · 99c7da4cca
commit 99c7da4cca
parent f9a4f63af8
2 changed files with 9 additions and 0 deletions
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@ -5009,6 +5009,11 @@ BEGIN_CASE(JSOP_CALLNAME)
            PUSH_COPY(rval);
        }

+        if (op == JSOP_NAME || op == JSOP_CALLNAME) {
+            if (!script->typeMonitorResult(cx, regs.pc, regs.sp[-1]))
+                goto error;
+        }
+
        JS_ASSERT(obj->isGlobal() || IsCacheableNonGlobalScope(obj));
        if (op == JSOP_CALLNAME || op == JSOP_CALLGNAME)
            PUSH_IMPLICIT_THIS(cx, obj, regs.sp[-1]);
@ -5026,6 +5031,8 @@ BEGIN_CASE(JSOP_CALLNAME)
        JSOp op2 = js_GetOpcode(cx, script, regs.pc + JSOP_NAME_LENGTH);
        if (op2 == JSOP_TYPEOF) {
            PUSH_UNDEFINED();
+            if (!script->typeMonitorUndefined(cx, regs.pc))
+                goto error;
            len = JSOP_NAME_LENGTH;
            DO_NEXT_OP(len);
        }
--- a/js/src/methodjit/StubCalls.cpp
+++ b/js/src/methodjit/StubCalls.cpp
@ -377,6 +377,8 @@ NameOp(VMFrame &f, JSObject *obj, bool markresult, bool callname)
            if (op2 == JSOP_TYPEOF) {
                f.regs.sp++;
                f.regs.sp[-1].setUndefined();
+                if (!f.script()->typeMonitorUndefined(cx, f.regs.pc))
+                    return NULL;
                return obj;
            }
            ReportAtomNotDefined(cx, atom);