
Side by Side Diff: src/runtime.js

Issue 604064: Fix stack corruption when calling non-function. (Closed)
Patch Set: Created 10 years, 10 months ago
OLD | NEW
1 // Copyright 2006-2008 the V8 project authors. All rights reserved. 1 // Copyright 2006-2008 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 377 matching lines...)
388 // has a property with the given key; return the key as a string if 388 // has a property with the given key; return the key as a string if
389 // it has. Otherwise returns null. Used in for-in statements. 389 // it has. Otherwise returns null. Used in for-in statements.
390 function FILTER_KEY(key) { 390 function FILTER_KEY(key) {
391 var string = %ToString(key); 391 var string = %ToString(key);
392 if (%HasProperty(this, string)) return string; 392 if (%HasProperty(this, string)) return string;
393 return null; 393 return null;
394 } 394 }
395 395
396 396
397 function CALL_NON_FUNCTION() { 397 function CALL_NON_FUNCTION() {
398 var callee = %GetCalledFunction(); 398 var delegate = %GetFunctionDelegate(this);
399 var delegate = %GetFunctionDelegate(callee);
400 if (!IS_FUNCTION(delegate)) { 399 if (!IS_FUNCTION(delegate)) {
401 throw %MakeTypeError('called_non_callable', [typeof callee]); 400 throw %MakeTypeError('called_non_callable', [typeof this]);
402 } 401 }
403 402 return delegate.apply(this, arguments);
404 var parameters = %NewArguments(delegate);
405 return delegate.apply(callee, parameters);
406 } 403 }
407 404
408 405
409 function CALL_NON_FUNCTION_AS_CONSTRUCTOR() { 406 function CALL_NON_FUNCTION_AS_CONSTRUCTOR() {
410 var callee = %GetCalledFunction(); 407 var delegate = %GetConstructorDelegate(this);
411 var delegate = %GetConstructorDelegate(callee);
412 if (!IS_FUNCTION(delegate)) { 408 if (!IS_FUNCTION(delegate)) {
413 throw %MakeTypeError('called_non_callable', [typeof callee]); 409 throw %MakeTypeError('called_non_callable', [typeof this]);
414 } 410 }
415 411 return delegate.apply(this, arguments);
416 var parameters = %NewArguments(delegate);
417 return delegate.apply(callee, parameters);
418 } 412 }
419 413
420 414
421 function APPLY_PREPARE(args) { 415 function APPLY_PREPARE(args) {
422 var length; 416 var length;
423 // First check whether length is a positive Smi and args is an 417 // First check whether length is a positive Smi and args is an
424 // array. This is the fast case. If this fails, we do the slow case 418 // array. This is the fast case. If this fails, we do the slow case
425 // that takes care of more eventualities. 419 // that takes care of more eventualities.
426 if (IS_ARRAY(args)) { 420 if (IS_ARRAY(args)) {
427 length = args.length; 421 length = args.length;
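Review bot: In CALL_NON_FUNCTION and CALL_NON_FUNCTION_AS_CONSTRUCTOR the callee is now read from `this` and the arguments from `arguments`, but nothing in the file states that callers must place the non-callable object in the receiver slot. Add a comment above each function spelling out that contract, since a call site that passes the original receiver instead would make `%GetFunctionDelegate(this)` or `%GetConstructorDelegate(this)` look up the delegate on the wrong object. The error path also needs a check: `throw %MakeTypeError('called_non_callable', [typeof this]);` names the right type only if `this` reaches these builtins unconverted, so a primitive callee (a number or a string) should be covered by a test asserting that the message still names the primitive type rather than 'object'. Likewise, with `delegate.apply(this, arguments)` replacing `delegate.apply(callee, parameters)`, a regression test that calls a non-function with several arguments and checks exactly what the delegate receives would pin down the new behaviour.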
(...skipping 210 matching lines...)
638 throw %MakeTypeError('cannot_convert_to_primitive', []); 632 throw %MakeTypeError('cannot_convert_to_primitive', []);
639 } 633 }
640 634
641 635
642 // NOTE: Setting the prototype for Array must take place as early as 636 // NOTE: Setting the prototype for Array must take place as early as
643 // possible due to code generation for array literals. When 637 // possible due to code generation for array literals. When
644 // generating code for a array literal a boilerplate array is created 638 // generating code for a array literal a boilerplate array is created
645 // that is cloned when running the code. It is essiential that the 639 // that is cloned when running the code. It is essiential that the
646 // boilerplate gets the right prototype. 640 // boilerplate gets the right prototype.
647 %FunctionSetPrototype($Array, new $Array(0)); 641 %FunctionSetPrototype($Array, new $Array(0));