Bug 1289073 - Convert from double to unsigned before checking that the max frames is greater than zero; r=jimb

2016-07-25 15:07:22 -07:00 · 2016-07-25 15:07:22 -07:00 · 4e81593ca0
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@ -6,6 +6,7 @@

 #include "builtin/TestingFunctions.h"

+#include "mozilla/FloatingPoint.h"
 #include "mozilla/Move.h"
 #include "mozilla/unused.h"

@ -1105,17 +1106,18 @@ SaveStack(JSContext* cx, unsigned argc, Value* vp)

    JS::StackCapture capture((JS::AllFrames()));
    if (args.length() >= 1) {
-        double d;
-        if (!ToNumber(cx, args[0], &d))
+        double maxDouble;
+        if (!ToNumber(cx, args[0], &maxDouble))
            return false;
-        if (d < 0) {
+        if (mozilla::IsNaN(maxDouble) || maxDouble < 0 || maxDouble > UINT32_MAX) {
            ReportValueErrorFlags(cx, JSREPORT_ERROR, JSMSG_UNEXPECTED_TYPE,
                                  JSDVG_SEARCH_STACK, args[0], nullptr,
                                  "not a valid maximum frame count", NULL);
            return false;
        }
-        if (d > 0)
-            capture = JS::StackCapture(JS::MaxFrames(d));
+        uint32_t max = uint32_t(maxDouble);
+        if (max > 0)
+            capture = JS::StackCapture(JS::MaxFrames(max));
    }

    JSCompartment* targetCompartment = cx->compartment();
--- a/js/src/jit-test/tests/saved-stacks/bug-1289073.js
+++ b/js/src/jit-test/tests/saved-stacks/bug-1289073.js
@ -0,0 +1 @@
+saveStack(0.2);
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@ -5903,9 +5903,9 @@ struct AllFrames { };
 */
 struct MaxFrames
 {
-    unsigned maxFrames;
+    uint32_t maxFrames;

-    explicit MaxFrames(unsigned max)
+    explicit MaxFrames(uint32_t max)
      : maxFrames(max)
    {
        MOZ_ASSERT(max > 0);
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@ -52,7 +52,7 @@ namespace js {
 /**
 * Maximum number of saved frames returned for an async stack.
 */
-const unsigned ASYNC_STACK_MAX_FRAME_COUNT = 60;
+const uint32_t ASYNC_STACK_MAX_FRAME_COUNT = 60;

 /* static */ Maybe<LiveSavedFrameCache::FramePtr>
 LiveSavedFrameCache::getFramePtr(FrameIter& iter)
@ -1091,7 +1091,7 @@ SavedStacks::saveCurrentStack(JSContext* cx, MutableHandleSavedFrame frame,

 bool
 SavedStacks::copyAsyncStack(JSContext* cx, HandleObject asyncStack, HandleString asyncCause,
-                            MutableHandleSavedFrame adoptedStack, unsigned maxFrameCount)
+                            MutableHandleSavedFrame adoptedStack, uint32_t maxFrameCount)
 {
    MOZ_ASSERT(initialized());
    MOZ_RELEASE_ASSERT(cx->compartment());
@ -1307,7 +1307,7 @@ SavedStacks::insertFrames(JSContext* cx, FrameIter& iter, MutableHandleSavedFram
    // rest of the synchronous stack chain.
    RootedSavedFrame parentFrame(cx, cachedFrame);
    if (asyncStack && !capture.is<JS::FirstSubsumedFrame>()) {
-        unsigned maxAsyncFrames = capture.is<JS::MaxFrames>()
+        uint32_t maxAsyncFrames = capture.is<JS::MaxFrames>()
            ? capture.as<JS::MaxFrames>().maxFrames
            : ASYNC_STACK_MAX_FRAME_COUNT;
        if (!adoptAsyncStack(cx, asyncStack, asyncCause, &parentFrame, maxAsyncFrames))
@ -1338,7 +1338,7 @@ bool
 SavedStacks::adoptAsyncStack(JSContext* cx, HandleSavedFrame asyncStack,
                             HandleString asyncCause,
                             MutableHandleSavedFrame adoptedStack,
-                             unsigned maxFrameCount)
+                             uint32_t maxFrameCount)
 {
    RootedAtom asyncCauseAtom(cx, AtomizeString(cx, asyncCause));
    if (!asyncCauseAtom)
@ -1348,13 +1348,13 @@ SavedStacks::adoptAsyncStack(JSContext* cx, HandleSavedFrame asyncStack,
    // stack frames, but async stacks are not limited by the available stack
    // memory, so we need to set an arbitrary limit when collecting them. We
    // still don't enforce an upper limit if the caller requested more frames.
-    unsigned maxFrames = maxFrameCount > 0 ? maxFrameCount : ASYNC_STACK_MAX_FRAME_COUNT;
+    uint32_t maxFrames = maxFrameCount > 0 ? maxFrameCount : ASYNC_STACK_MAX_FRAME_COUNT;

    // Accumulate the vector of Lookup objects in |stackChain|.
    SavedFrame::AutoLookupVector stackChain(cx);
    SavedFrame* currentSavedFrame = asyncStack;
    SavedFrame* firstSavedFrameParent = nullptr;
-    for (unsigned i = 0; i < maxFrames && currentSavedFrame; i++) {
+    for (uint32_t i = 0; i < maxFrames && currentSavedFrame; i++) {
        if (!stackChain->emplaceBack(*currentSavedFrame)) {
            ReportOutOfMemory(cx);
            return false;
--- a/js/src/vm/SavedStacks.h
+++ b/js/src/vm/SavedStacks.h
@ -169,7 +169,7 @@ class SavedStacks {
    MOZ_MUST_USE bool copyAsyncStack(JSContext* cx, HandleObject asyncStack,
                                     HandleString asyncCause,
                                     MutableHandleSavedFrame adoptedStack,
-                                     unsigned maxFrameCount = 0);
+                                     uint32_t maxFrameCount = 0);
    void sweep();
    void trace(JSTracer* trc);
    uint32_t count();
@ -225,7 +225,7 @@ class SavedStacks {
    MOZ_MUST_USE bool adoptAsyncStack(JSContext* cx, HandleSavedFrame asyncStack,
                                      HandleString asyncCause,
                                      MutableHandleSavedFrame adoptedStack,
-                                      unsigned maxFrameCount);
+                                      uint32_t maxFrameCount);
    SavedFrame* getOrCreateSavedFrame(JSContext* cx, SavedFrame::HandleLookup lookup);
    SavedFrame* createFrameFromLookup(JSContext* cx, SavedFrame::HandleLookup lookup);