src/runtime.cc - Issue 362983004: Harden Runtime_LiveEditCheckAndDropActivations against unsafe args.

Side by Side Diff: src/runtime.cc

Issue 362983004: Harden Runtime_LiveEditCheckAndDropActivations against unsafe args. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2012 the V8 project authors. All rights reserved.	1 // Copyright 2012 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stdlib.h>	5 #include <stdlib.h>

6 #include <limits>	6 #include <limits>

7	7

8 #include "src/v8.h"	8 #include "src/v8.h"

9	9

10 #include "src/accessors.h"	10 #include "src/accessors.h"

(...skipping 13485 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
13496 // checks that none of them have activations on stacks (of any thread).	13496 // checks that none of them have activations on stacks (of any thread).

13497 // Returns array of the same length with corresponding results of	13497 // Returns array of the same length with corresponding results of

13498 // LiveEdit::FunctionPatchabilityStatus type.	13498 // LiveEdit::FunctionPatchabilityStatus type.

13499 RUNTIME_FUNCTION(Runtime_LiveEditCheckAndDropActivations) {	13499 RUNTIME_FUNCTION(Runtime_LiveEditCheckAndDropActivations) {

13500 HandleScope scope(isolate);	13500 HandleScope scope(isolate);

13501 CHECK(isolate->debug()->live_edit_enabled());	13501 CHECK(isolate->debug()->live_edit_enabled());

13502 ASSERT(args.length() == 2);	13502 ASSERT(args.length() == 2);

13503 CONVERT_ARG_HANDLE_CHECKED(JSArray, shared_array, 0);	13503 CONVERT_ARG_HANDLE_CHECKED(JSArray, shared_array, 0);

13504 CONVERT_BOOLEAN_ARG_CHECKED(do_drop, 1);	13504 CONVERT_BOOLEAN_ARG_CHECKED(do_drop, 1);

13505 RUNTIME_ASSERT(shared_array->length()->IsSmi());	13505 RUNTIME_ASSERT(shared_array->length()->IsSmi());

	13506 RUNTIME_ASSERT(shared_array->HasFastElements())

13506 int array_length = Smi::cast(shared_array->length())->value();	13507 int array_length = Smi::cast(shared_array->length())->value();

13507 for (int i = 0; i < array_length; i++) {	13508 for (int i = 0; i < array_length; i++) {

13508 Handle<Object> element =	13509 Handle<Object> element =

13509 Object::GetElement(isolate, shared_array, i).ToHandleChecked();	13510 Object::GetElement(isolate, shared_array, i).ToHandleChecked();

13510 RUNTIME_ASSERT(	13511 RUNTIME_ASSERT(

13511 element->IsJSValue() &&	13512 element->IsJSValue() &&

13512 Handle<JSValue>::cast(element)->value()->IsSharedFunctionInfo());	13513 Handle<JSValue>::cast(element)->value()->IsSharedFunctionInfo());

13513 }	13514 }

13514	13515

13515 return *LiveEdit::CheckAndDropActivations(shared_array, do_drop);	13516 return *LiveEdit::CheckAndDropActivations(shared_array, do_drop);

(...skipping 1586 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
15102 }	15103 }

15103 return NULL;	15104 return NULL;

15104 }	15105 }

15105	15106

15106	15107

15107 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {	15108 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {

15108 return &(kIntrinsicFunctions[static_cast<int>(id)]);	15109 return &(kIntrinsicFunctions[static_cast<int>(id)]);

15109 }	15110 }

15110	15111

15111 } } // namespace v8::internal	15112 } } // namespace v8::internal

OLD	NEW

« no previous file with comments | « src/liveedit.cc ('k') | test/mjsunit/regress/regress-crbug-390925.js » ('j') | no next file with comments »