From e1ca08f794a894bb7b119dd530420f115d83dc46 Mon Sep 17 00:00:00 2001
From: Brendan Eich <brendan@mozilla.org>
Date: Tue, 8 Sep 2009 17:46:02 -0700
Subject: [PATCH] Avoid wildman storage-punning hacks for non-unit static
 strings (515273, r=gal/gwagner).

---
 js/src/jsstr.cpp | 74 ++++++++++++++++++++++++++++++++++++++++++++++--
 js/src/jsstr.h   | 16 ++++++++---
 2 files changed, 84 insertions(+), 6 deletions(-)

diff --git a/js/src/jsstr.cpp b/js/src/jsstr.cpp
index 29a7d100fde..a28014e3f25 100644
--- a/js/src/jsstr.cpp
+++ b/js/src/jsstr.cpp
@@ -2578,12 +2578,74 @@ __attribute__ ((aligned (8)))
 
 #pragma pack(pop)
 
-#undef C
+#undef L1
+#undef L2
+#undef L3
+
+static const char AsciiHundreds[] = {
+    O10(0x30), O10(0x31), O10(0x32), O10(0x33), O10(0x34), O10(0x35), O10(0x36), O10(0x37), O10(0x38), O10(0x39),
+    O11(0x30), O11(0x31), O11(0x32), O11(0x33), O11(0x34), O11(0x35), O11(0x36), O11(0x37), O11(0x38), O11(0x39),
+    O12(0x30), O12(0x31), O12(0x32), O12(0x33), O12(0x34), O12(0x35), O12(0x36), O12(0x37), O12(0x38), O12(0x39),
+    O13(0x30), O13(0x31), O13(0x32), O13(0x33), O13(0x34), O13(0x35), O13(0x36), O13(0x37), O13(0x38), O13(0x39),
+    O14(0x30), O14(0x31), O14(0x32), O14(0x33), O14(0x34), O14(0x35), O14(0x36), O14(0x37), O14(0x38), O14(0x39),
+    O15(0x30), O15(0x31), O15(0x32), O15(0x33), O15(0x34), O15(0x35), O15(0x36), O15(0x37), O15(0x38), O15(0x39),
+    O16(0x30), O16(0x31), O16(0x32), O16(0x33), O16(0x34), O16(0x35), O16(0x36), O16(0x37), O16(0x38), O16(0x39),
+    O17(0x30), O17(0x31), O17(0x32), O17(0x33), O17(0x34), O17(0x35), O17(0x36), O17(0x37), O17(0x38), O17(0x39),
+    O18(0x30), O18(0x31), O18(0x32), O18(0x33), O18(0x34), O18(0x35), O18(0x36), O18(0x37), O18(0x38), O18(0x39),
+    O19(0x30), O19(0x31), O19(0x32), O19(0x33), O19(0x34), O19(0x35), O19(0x36), O19(0x37), O19(0x38), O19(0x39),
+    O20(0x30), O20(0x31), O20(0x32), O20(0x33), O20(0x34), O20(0x35), O20(0x36), O20(0x37), O20(0x38), O20(0x39),
+    O21(0x30), O21(0x31), O21(0x32), O21(0x33), O21(0x34), O21(0x35), O21(0x36), O21(0x37), O21(0x38), O21(0x39),
+    O22(0x30), O22(0x31), O22(0x32), O22(0x33), O22(0x34), O22(0x35), O22(0x36), O22(0x37), O22(0x38), O22(0x39),
+    O23(0x30), O23(0x31), O23(0x32), O23(0x33), O23(0x34), O23(0x35), O23(0x36), O23(0x37), O23(0x38), O23(0x39),
+    O24(0x30), O24(0x31), O24(0x32), O24(0x33), O24(0x34), O24(0x35), O24(0x36), O24(0x37), O24(0x38), O24(0x39),
+    O25(0x30), O25(0x31), O25(0x32), O25(0x33), O25(0x34), O25(0x35)
+};
+
+#define L1(c) (AsciiHundreds + 2 + (c) * 4)             /* length 1: 0..9 */
+#define L2(c) (AsciiHundreds + 41 + (c - 10) * 4)       /* length 2: 10..99 */
+#define L3(c) (AsciiHundreds + (c - 100) * 4)           /* length 3: 100..255 */
+
+const char *JSString::deflatedIntStringTable[] = {
+    L1(0x00), L1(0x01), L1(0x02), L1(0x03), L1(0x04), L1(0x05), L1(0x06), L1(0x07),
+    L1(0x08), L1(0x09), L2(0x0a), L2(0x0b), L2(0x0c), L2(0x0d), L2(0x0e), L2(0x0f),
+    L2(0x10), L2(0x11), L2(0x12), L2(0x13), L2(0x14), L2(0x15), L2(0x16), L2(0x17),
+    L2(0x18), L2(0x19), L2(0x1a), L2(0x1b), L2(0x1c), L2(0x1d), L2(0x1e), L2(0x1f),
+    L2(0x20), L2(0x21), L2(0x22), L2(0x23), L2(0x24), L2(0x25), L2(0x26), L2(0x27),
+    L2(0x28), L2(0x29), L2(0x2a), L2(0x2b), L2(0x2c), L2(0x2d), L2(0x2e), L2(0x2f),
+    L2(0x30), L2(0x31), L2(0x32), L2(0x33), L2(0x34), L2(0x35), L2(0x36), L2(0x37),
+    L2(0x38), L2(0x39), L2(0x3a), L2(0x3b), L2(0x3c), L2(0x3d), L2(0x3e), L2(0x3f),
+    L2(0x40), L2(0x41), L2(0x42), L2(0x43), L2(0x44), L2(0x45), L2(0x46), L2(0x47),
+    L2(0x48), L2(0x49), L2(0x4a), L2(0x4b), L2(0x4c), L2(0x4d), L2(0x4e), L2(0x4f),
+    L2(0x50), L2(0x51), L2(0x52), L2(0x53), L2(0x54), L2(0x55), L2(0x56), L2(0x57),
+    L2(0x58), L2(0x59), L2(0x5a), L2(0x5b), L2(0x5c), L2(0x5d), L2(0x5e), L2(0x5f),
+    L2(0x60), L2(0x61), L2(0x62), L2(0x63), L3(0x64), L3(0x65), L3(0x66), L3(0x67),
+    L3(0x68), L3(0x69), L3(0x6a), L3(0x6b), L3(0x6c), L3(0x6d), L3(0x6e), L3(0x6f),
+    L3(0x70), L3(0x71), L3(0x72), L3(0x73), L3(0x74), L3(0x75), L3(0x76), L3(0x77),
+    L3(0x78), L3(0x79), L3(0x7a), L3(0x7b), L3(0x7c), L3(0x7d), L3(0x7e), L3(0x7f),
+    L3(0x80), L3(0x81), L3(0x82), L3(0x83), L3(0x84), L3(0x85), L3(0x86), L3(0x87),
+    L3(0x88), L3(0x89), L3(0x8a), L3(0x8b), L3(0x8c), L3(0x8d), L3(0x8e), L3(0x8f),
+    L3(0x90), L3(0x91), L3(0x92), L3(0x93), L3(0x94), L3(0x95), L3(0x96), L3(0x97),
+    L3(0x98), L3(0x99), L3(0x9a), L3(0x9b), L3(0x9c), L3(0x9d), L3(0x9e), L3(0x9f),
+    L3(0xa0), L3(0xa1), L3(0xa2), L3(0xa3), L3(0xa4), L3(0xa5), L3(0xa6), L3(0xa7),
+    L3(0xa8), L3(0xa9), L3(0xaa), L3(0xab), L3(0xac), L3(0xad), L3(0xae), L3(0xaf),
+    L3(0xb0), L3(0xb1), L3(0xb2), L3(0xb3), L3(0xb4), L3(0xb5), L3(0xb6), L3(0xb7),
+    L3(0xb8), L3(0xb9), L3(0xba), L3(0xbb), L3(0xbc), L3(0xbd), L3(0xbe), L3(0xbf),
+    L3(0xc0), L3(0xc1), L3(0xc2), L3(0xc3), L3(0xc4), L3(0xc5), L3(0xc6), L3(0xc7),
+    L3(0xc8), L3(0xc9), L3(0xca), L3(0xcb), L3(0xcc), L3(0xcd), L3(0xce), L3(0xcf),
+    L3(0xd0), L3(0xd1), L3(0xd2), L3(0xd3), L3(0xd4), L3(0xd5), L3(0xd6), L3(0xd7),
+    L3(0xd8), L3(0xd9), L3(0xda), L3(0xdb), L3(0xdc), L3(0xdd), L3(0xde), L3(0xdf),
+    L3(0xe0), L3(0xe1), L3(0xe2), L3(0xe3), L3(0xe4), L3(0xe5), L3(0xe6), L3(0xe7),
+    L3(0xe8), L3(0xe9), L3(0xea), L3(0xeb), L3(0xec), L3(0xed), L3(0xee), L3(0xef),
+    L3(0xf0), L3(0xf1), L3(0xf2), L3(0xf3), L3(0xf4), L3(0xf5), L3(0xf6), L3(0xf7),
+    L3(0xf8), L3(0xf9), L3(0xfa), L3(0xfb), L3(0xfc), L3(0xfd), L3(0xfe), L3(0xff)
+};
 
 #undef L1
 #undef L2
 #undef L3
 
+#undef C
+
 #undef O0
 #undef O1
 #undef O2
@@ -3536,7 +3598,7 @@ js_GetStringBytes(JSContext *cx, JSString *str)
     JSHashNumber hash;
     JSHashEntry *he, **hep;
 
-    if (JSString::isStatic(str)) {
+    if (JSString::isUnitString(str)) {
 #ifdef IS_LITTLE_ENDIAN
         /* Unit string data is {c, 0, 0, 0} so we can just cast. */
         return (char *)str->chars();
@@ -3546,6 +3608,14 @@ js_GetStringBytes(JSContext *cx, JSString *str)
 #endif            
     }
 
+    if (JSString::isIntString(str)) {
+        /*
+         * We must burn some space on deflated int strings to preserve static
+         * allocation (which is to say, JSRuntime independence).
+         */
+        return JSString::deflatedIntStringTable[str - JSString::intStringTable];
+    }
+
     if (cx) {
         rt = cx->runtime;
     } else {
diff --git a/js/src/jsstr.h b/js/src/jsstr.h
index 0e92fba2c3c..63196f3b38b 100644
--- a/js/src/jsstr.h
+++ b/js/src/jsstr.h
@@ -360,14 +360,22 @@ struct JSString {
         JS_ASSERT(isDependent() && dependentIsPrefix());
         mBase = bstr;
     }
-    
-    static inline bool isStatic(JSString *s) {
-        return (s >= unitStringTable && s < &unitStringTable[UNIT_STRING_LIMIT]) ||
-               (s >= intStringTable && s < &intStringTable[INT_STRING_LIMIT]);
+
+    static inline bool isUnitString(JSString *str) {
+        return unitStringTable <= str && str < &unitStringTable[UNIT_STRING_LIMIT];
+    }
+
+    static inline bool isIntString(JSString *str) {
+        return intStringTable <= str && str < &intStringTable[INT_STRING_LIMIT];
+    }
+
+    static inline bool isStatic(JSString *str) {
+        return isUnitString(str) || isIntString(str);
     }
 
     static JSString unitStringTable[];
     static JSString intStringTable[];
+    static const char *deflatedIntStringTable[];
 
     static JSString *unitString(jschar c);
     static JSString *getUnitString(JSContext *cx, JSString *str, size_t index);