зеркало из https://github.com/mozilla/gecko-dev.git
Bug 488808: crash due to JSString INIT macros stomping deflated flag, r=brendan
Родитель
a53703f832
Коммит
60c7bc2aa1
|
@ -5449,7 +5449,7 @@ JS_GetStringChars(JSString *str)
|
||||||
if (s) {
|
if (s) {
|
||||||
memcpy(s, JSSTRDEP_CHARS(str), n * sizeof *s);
|
memcpy(s, JSSTRDEP_CHARS(str), n * sizeof *s);
|
||||||
s[n] = 0;
|
s[n] = 0;
|
||||||
JSFLATSTR_INIT(str, s, n);
|
JSFLATSTR_REINIT(str, s, n);
|
||||||
} else {
|
} else {
|
||||||
s = JSSTRDEP_CHARS(str);
|
s = JSSTRDEP_CHARS(str);
|
||||||
}
|
}
|
||||||
|
|
|
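Review bot: The `JSFLATSTR_REINIT` call in JS_GetStringChars has no comment saying why this site must not use `JSFLATSTR_INIT`, so the distinction rests on the macro name alone. The same applies to the REINIT calls in js_MinimizeDependentStrings, js_ConcatStrings and js_UndependString. I would add a one-line comment at each, for example `/* str is a live string and may already be deflated; REINIT keeps JSSTRFLAG_DEFLATED. */`, so a later edit does not revert to the INIT form and drop the flag again. The body of JS_GetStringChars continues outside the hunk.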
@ -99,7 +99,7 @@ js_MinimizeDependentStrings(JSString *str, int level, JSString **basep)
|
||||||
JSPREFIX_SET_BASE(str, base);
|
JSPREFIX_SET_BASE(str, base);
|
||||||
} else if (start <= JSSTRDEP_START_MASK) {
|
} else if (start <= JSSTRDEP_START_MASK) {
|
||||||
length = JSSTRDEP_LENGTH(str);
|
length = JSSTRDEP_LENGTH(str);
|
||||||
JSSTRDEP_INIT(str, base, start, length);
|
JSSTRDEP_REINIT(str, base, start, length);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*basep = base;
|
*basep = base;
|
||||||
|
@ -182,7 +182,7 @@ js_ConcatStrings(JSContext *cx, JSString *left, JSString *right)
|
||||||
|
|
||||||
/* Morph left into a dependent prefix if we realloc'd its buffer. */
|
/* Morph left into a dependent prefix if we realloc'd its buffer. */
|
||||||
if (ldep) {
|
if (ldep) {
|
||||||
JSPREFIX_INIT(ldep, str, ln);
|
JSPREFIX_REINIT(ldep, str, ln);
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
{
|
{
|
||||||
JSRuntime *rt = cx->runtime;
|
JSRuntime *rt = cx->runtime;
|
||||||
|
@ -214,7 +214,7 @@ js_UndependString(JSContext *cx, JSString *str)
|
||||||
|
|
||||||
js_strncpy(s, JSSTRDEP_CHARS(str), n);
|
js_strncpy(s, JSSTRDEP_CHARS(str), n);
|
||||||
s[n] = 0;
|
s[n] = 0;
|
||||||
JSFLATSTR_INIT(str, s, n);
|
JSFLATSTR_REINIT(str, s, n);
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
{
|
{
|
||||||
|
|
|
@ -168,6 +168,17 @@ JS_STATIC_ASSERT(sizeof(size_t) == sizeof(jsword));
|
||||||
#define JSFLATSTR_CHARS(str) \
|
#define JSFLATSTR_CHARS(str) \
|
||||||
(JS_ASSERT(JSSTRING_IS_FLAT(str)), (str)->u.chars)
|
(JS_ASSERT(JSSTRING_IS_FLAT(str)), (str)->u.chars)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Special flat string initializer that preserves the JSSTR_DEFLATED flag.
|
||||||
|
* Use this macro when reinitializing an existing string (which may be
|
||||||
|
* hashed to its deflated bytes. Newborn strings must use JSFLATSTR_INIT.
|
||||||
|
*/
|
||||||
|
#define JSFLATSTR_REINIT(str, chars_, length_) \
|
||||||
|
((void)(JS_ASSERT(((length_) & ~JSSTRING_LENGTH_MASK) == 0), \
|
||||||
|
(str)->length = ((str)->length & JSSTRFLAG_DEFLATED) | \
|
||||||
|
(length_ & ~JSSTRFLAG_DEFLATED), \
|
||||||
|
(str)->u.chars = (chars_)))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Macros to manipulate atomized and mutable flags of flat strings. It is safe
|
* Macros to manipulate atomized and mutable flags of flat strings. It is safe
|
||||||
* to use these without extra locking due to the following properties:
|
* to use these without extra locking due to the following properties:
|
||||||
|
@ -233,10 +244,24 @@ JS_STATIC_ASSERT(sizeof(size_t) == sizeof(jsword));
|
||||||
| (len), \
|
| (len), \
|
||||||
(str)->u.base = (bstr))
|
(str)->u.base = (bstr))
|
||||||
|
|
||||||
|
/* See JSFLATSTR_INIT. */
|
||||||
|
#define JSSTRDEP_REINIT(str,bstr,off,len) \
|
||||||
|
((str)->length = JSSTRFLAG_DEPENDENT \
|
||||||
|
| ((str->length) & JSSTRFLAG_DEFLATED) \
|
||||||
|
| ((off) << JSSTRDEP_START_SHIFT) \
|
||||||
|
| (len), \
|
||||||
|
(str)->u.base = (bstr))
|
||||||
|
|
||||||
#define JSPREFIX_INIT(str,bstr,len) \
|
#define JSPREFIX_INIT(str,bstr,len) \
|
||||||
((str)->length = JSSTRFLAG_DEPENDENT | JSSTRFLAG_PREFIX | (len), \
|
((str)->length = JSSTRFLAG_DEPENDENT | JSSTRFLAG_PREFIX | (len), \
|
||||||
(str)->u.base = (bstr))
|
(str)->u.base = (bstr))
|
||||||
|
|
||||||
|
/* See JSFLATSTR_INIT. */
|
||||||
|
#define JSPREFIX_REINIT(str,bstr,len) \
|
||||||
|
((str)->length = JSSTRFLAG_DEPENDENT | JSSTRFLAG_PREFIX | \
|
||||||
|
((str->length) & JSSTRFLAG_DEFLATED) | (len), \
|
||||||
|
(str)->u.base = (bstr))
|
||||||
|
|
||||||
#define JSSTRDEP_BASE(str) ((str)->u.base)
|
#define JSSTRDEP_BASE(str) ((str)->u.base)
|
||||||
#define JSPREFIX_BASE(str) JSSTRDEP_BASE(str)
|
#define JSPREFIX_BASE(str) JSSTRDEP_BASE(str)
|
||||||
#define JSPREFIX_SET_BASE(str,bstr) ((str)->u.base = (bstr))
|
#define JSPREFIX_SET_BASE(str,bstr) ((str)->u.base = (bstr))
|
||||||
|
|
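Review bot: `JSSTRDEP_REINIT` and `JSPREFIX_REINIT` write `(str->length)` where the macro argument needs its own parentheses, so an argument such as `*p` or a cast expression would bind wrongly. Use `((str)->length & JSSTRFLAG_DEFLATED)` in both, and likewise `((length_) & ~JSSTRFLAG_DEFLATED)` in `JSFLATSTR_REINIT`. The two `/* See JSFLATSTR_INIT. */` comments presumably mean `JSFLATSTR_REINIT`, which is where the explanation lives, and that comment's parenthesis opened after "existing string" is never closed. All three macros also read `length` and store it back as a plain read-modify-write. If the deflated flag can be set by another thread in between (not visible in this hunk), it would still be lost, so the locking expectation is worth stating in the comment.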