| OLD | NEW |
|---|
| 1 // Copyright 2010 the V8 project authors. All rights reserved. | 1 // Copyright 2010 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 9338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9349 // Goto slow case if we do not have a function. | 9349 // Goto slow case if we do not have a function. |
| 9350 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx); | 9350 __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx); |
| 9351 __ j(not_equal, &slow, not_taken); | 9351 __ j(not_equal, &slow, not_taken); |
| 9352 | 9352 |
| 9353 // Fast-case: Just invoke the function. | 9353 // Fast-case: Just invoke the function. |
| 9354 ParameterCount actual(argc_); | 9354 ParameterCount actual(argc_); |
| 9355 __ InvokeFunction(edi, actual, JUMP_FUNCTION); | 9355 __ InvokeFunction(edi, actual, JUMP_FUNCTION); |
| 9356 | 9356 |
| 9357 // Slow-case: Non-function called. | 9357 // Slow-case: Non-function called. |
| 9358 __ bind(&slow); | 9358 __ bind(&slow); |
| 9359 // CALL_NON_FUNCTION expects the non-function callee as receiver (instead |
| 9360 // of the original receiver from the call site). |
| 9361 __ mov(Operand(esp, (argc_ + 1) * kPointerSize), edi); |
| 9359 __ Set(eax, Immediate(argc_)); | 9362 __ Set(eax, Immediate(argc_)); |
| 9360 __ Set(ebx, Immediate(0)); | 9363 __ Set(ebx, Immediate(0)); |
| 9361 __ GetBuiltinEntry(edx, Builtins::CALL_NON_FUNCTION); | 9364 __ GetBuiltinEntry(edx, Builtins::CALL_NON_FUNCTION); |
| 9362 Handle<Code> adaptor(Builtins::builtin(Builtins::ArgumentsAdaptorTrampoline)); | 9365 Handle<Code> adaptor(Builtins::builtin(Builtins::ArgumentsAdaptorTrampoline)); |
| 9363 __ jmp(adaptor, RelocInfo::CODE_TARGET); | 9366 __ jmp(adaptor, RelocInfo::CODE_TARGET); |
| 9364 } | 9367 } |
| 9365 | 9368 |
| 9366 | 9369 |
| 9367 void CEntryStub::GenerateThrowTOS(MacroAssembler* masm) { | 9370 void CEntryStub::GenerateThrowTOS(MacroAssembler* masm) { |
| 9368 // eax holds the exception. | 9371 // eax holds the exception. |
| (...skipping 1250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10619 | 10622 |
| 10620 // Call the runtime; it returns -1 (less), 0 (equal), or 1 (greater) | 10623 // Call the runtime; it returns -1 (less), 0 (equal), or 1 (greater) |
| 10621 // tagged as a small integer. | 10624 // tagged as a small integer. |
| 10622 __ bind(&runtime); | 10625 __ bind(&runtime); |
| 10623 __ TailCallRuntime(ExternalReference(Runtime::kStringCompare), 2, 1); | 10626 __ TailCallRuntime(ExternalReference(Runtime::kStringCompare), 2, 1); |
| 10624 } | 10627 } |
| 10625 | 10628 |
| 10626 #undef __ | 10629 #undef __ |
| 10627 | 10630 |
| 10628 } } // namespace v8::internal | 10631 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 604064:
Fix stack corruption when calling non-function. (Closed)
