
Side by Side Diff: src/liveedit.cc

Issue 362983004: Harden Runtime_LiveEditCheckAndDropActivations against unsafe args. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 5 months ago
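--- a/src/liveedit.cc
+++ b/src/liveedit.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 
 #include "src/v8.h"
 
 #include "src/liveedit.h"
 
 #include "src/code-stubs.h"
@@ -1950,21 +1950,21 @@
 Handle<JSArray> result_;
 bool has_blocked_functions_;
 };
 
 
 Handle<JSArray> LiveEdit::CheckAndDropActivations(
 Handle<JSArray> shared_info_array, bool do_drop) {
 Isolate* isolate = shared_info_array->GetIsolate();
 int len = GetArrayLength(shared_info_array);
 
-CHECK(shared_info_array->HasFastElements());
+ASSERT(shared_info_array->HasFastElements());
 Handle<FixedArray> shared_info_array_elements(
 FixedArray::cast(shared_info_array->elements()));
 
 Handle<JSArray> result = isolate->factory()->NewJSArray(len);
 Handle<FixedArray> result_elements =
 JSObject::EnsureWritableFastElements(result);
 
 // Fill the default values.
 for (int i = 0; i < len; i++) {
 FunctionPatchabilityStatus status = FUNCTION_AVAILABLE_FOR_PATCH;
@@ -2078,10 +2078,10 @@
 void LiveEditFunctionTracker::RecordRootFunctionInfo(Handle<Code> code) {
 isolate_->active_function_info_listener()->FunctionCode(code);
 }
 
 
 bool LiveEditFunctionTracker::IsActive(Isolate* isolate) {
 return isolate->active_function_info_listener() != NULL;
 }
 
 } } // namespace v8::internal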
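Review bot: Replacing `CHECK(shared_info_array->HasFastElements())` with `ASSERT(...)` at line 1960 removes the only release-build guard in front of `FixedArray::cast(shared_info_array->elements())` on the next line, because ASSERT is compiled out of release builds and the cast is not verified there either. The function is then safe only if every caller has already rejected arrays whose elements are not in fast mode; the issue title suggests that validation now lives in the runtime entry point in src/runtime.cc, which is not visible in this section, so that should be confirmed for all call sites. Either keep the `CHECK`, which costs one branch on a debugger-only path, or state the contract directly above the assert, e.g. `// Precondition: callers have verified HasFastElements(); see Runtime_LiveEditCheckAndDropActivations.` The body of CheckAndDropActivations continues past the lines shown here, so whether the per-element accesses further down rely on similar unchecked assumptions cannot be judged from this view.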