Side by Side Diff: src/parser.cc

Issue 2876046: Prevent invalid pre-parsing data passed in through the API from crashing V8. (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 10 years, 5 months ago
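--- a/src/parser.cc
+++ b/src/parser.cc
@@ -1,10 +1,10 @@
 // Copyright 2010 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -127,20 +127,21 @@
 
  protected:
 
   enum Mode {
     PARSE_LAZILY,
     PARSE_EAGERLY
   };
 
   // Report syntax error
   void ReportUnexpectedToken(Token::Value token);
+  void ReportInvalidPreparseData(Handle<String> name, bool* ok);
 
   Handle<Script> script_;
   Scanner scanner_;
 
   Scope* top_scope_;
   int with_nesting_level_;
 
   TemporaryScope* temp_scope_;
   Mode mode_;
 
@@ -3256,20 +3257,29 @@
         return ReportMessage("unexpected_token_identifier",
                              Vector<const char*>::empty());
     default:
       const char* name = Token::String(token);
       ASSERT(name != NULL);
       ReportMessage("unexpected_token", Vector<const char*>(&name, 1));
   }
 }
 
 
+void Parser::ReportInvalidPreparseData(Handle<String> name, bool* ok) {
+  SmartPointer<char> name_string = name->ToCString(DISALLOW_NULLS);
+  const char* element[1] = { *name_string };
+  ReportMessage("invalid_preparser_data",
+                Vector<const char*>(element, 1));
+  *ok = false;
+}
+
+
 Expression* Parser::ParsePrimaryExpression(bool* ok) {
   // PrimaryExpression ::
   //   'this'
   //   'null'
   //   'true'
   //   'false'
   //   Identifier
   //   Number
   //   String
   //   ArrayLiteral
@@ -3803,21 +3813,28 @@
   // only be PARSE_LAZILY if the --lazy flag is true.
   bool is_lazily_compiled =
       mode() == PARSE_LAZILY && top_scope_->HasTrivialOuterContext();
 
   int materialized_literal_count;
   int expected_property_count;
   bool only_simple_this_property_assignments;
   Handle<FixedArray> this_property_assignments;
   if (is_lazily_compiled && pre_data() != NULL) {
     FunctionEntry entry = pre_data()->GetFunctionEnd(start_pos);
+    if (!entry.is_valid()) {
+      ReportInvalidPreparseData(name, CHECK_OK);
+    }
     int end_pos = entry.end_pos();
+    if (end_pos <= start_pos) {
+      // End position greater than end of stream is safe, and hard to check.
+      ReportInvalidPreparseData(name, CHECK_OK);
+    }
     Counters::total_preparse_skipped.Increment(end_pos - start_pos);
     scanner_.SeekForward(end_pos);
     materialized_literal_count = entry.literal_count();
     expected_property_count = entry.property_count();
     only_simple_this_property_assignments = false;
     this_property_assignments = Factory::empty_fixed_array();
   } else {
     ParseSourceElements(&body, Token::RBRACE, CHECK_OK);
     materialized_literal_count = temp_scope.materialized_literal_count();
     expected_property_count = temp_scope.expected_property_count();
@@ -5179,10 +5196,10 @@
   parser.ParseLazy(script_source, name,
                    start_position, end_position, is_expression);
   return result;
 }
 
 
 #undef NEW
 
 
 } }  // namespace v8::internal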
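Review bot: The two new checks at new lines 3823-3830 validate only that the entry exists and that end_pos lies past start_pos, while literal_count() and property_count() on 3833-3834 are still consumed from the same caller-supplied pre-parse data with no range check, so a bogus or negative count flows straight into materialized_literal_count and expected_property_count. Since both are assigned to plain int here, a negative value should be rejected the same way, e.g. before the counters are read: `if (entry.literal_count() < 0 || entry.property_count() < 0) {` / `ReportInvalidPreparseData(name, CHECK_OK);` / `}`. The comment on 3828 states that an end position beyond the end of the stream is safe, but that depends on scanner_.SeekForward clamping or tolerating such a position, which is not visible in this hunk; I would make that dependency explicit, e.g. `// Relies on Scanner::SeekForward tolerating positions past the end of the source.`, or add an upper-bound check if the source length is available at this point. The enclosing function starts and ends outside the hunk.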