зеркало из https://github.com/mozilla/gecko-dev.git
Fix off-by-N in CG_COUNT_FINAL_SRCNOTES (214210).
Родитель
dac741004a
Коммит
ccebdd1892
|
@ -478,12 +478,20 @@ js_SetSrcNoteOffset(JSContext *cx, JSCodeGenerator *cg, uintN index,
|
|||
* the CG_COUNT_FINAL_SRCNOTES macro. This macro knows a lot about details of
|
||||
* js_FinishTakingSrcNotes.
|
||||
*/
|
||||
#define CG_COUNT_FINAL_SRCNOTES(cg) \
|
||||
((cg)->prolog.noteCount + \
|
||||
(((cg)->prolog.noteCount && (cg)->prolog.currentLine != (cg)->firstLine) \
|
||||
? 2 + (((cg)->firstLine > SN_3BYTE_OFFSET_MASK) << 1) \
|
||||
: 0) + \
|
||||
(cg)->main.noteCount + 1)
|
||||
#define CG_COUNT_FINAL_SRCNOTES(cg, cnt) \
|
||||
JS_BEGIN_MACRO \
|
||||
cnt = (cg)->main.noteCount + 1; \
|
||||
if ((cg)->prolog.noteCount) { \
|
||||
cnt += (cg)->prolog.noteCount; \
|
||||
if ((cg)->prolog.currentLine != (cg)->firstLine) { \
|
||||
ptrdiff_t diff_ = CG_PROLOG_OFFSET(cg) - \
|
||||
(cg)->prolog.lastNoteOffset; \
|
||||
if (diff_ > SN_DELTA_MASK) \
|
||||
cnt += JS_HOWMANY(diff_ - SN_DELTA_MASK, SN_XDELTA_MASK); \
|
||||
cnt += 2 + (((cg)->firstLine > SN_3BYTE_OFFSET_MASK) << 1); \
|
||||
} \
|
||||
} \
|
||||
JS_END_MACRO
|
||||
|
||||
extern JSBool
|
||||
js_FinishTakingSrcNotes(JSContext *cx, JSCodeGenerator *cg, jssrcnote *notes);
|
||||
|
@ -509,10 +517,12 @@ js_NewTryNote(JSContext *cx, JSCodeGenerator *cg, ptrdiff_t start,
|
|||
* preallocate enough space in a JSTryNote[] to pass as the notes parameter of
|
||||
* js_FinishTakingTryNotes.
|
||||
*/
|
||||
#define CG_COUNT_FINAL_TRYNOTES(cg) \
|
||||
(((cg)->tryNext > (cg)->tryBase) \
|
||||
? PTRDIFF(cg->tryNext, cg->tryBase, JSTryNote) + 1 \
|
||||
: 0)
|
||||
#define CG_COUNT_FINAL_TRYNOTES(cg, cnt) \
|
||||
JS_BEGIN_MACRO \
|
||||
cnt = ((cg)->tryNext > (cg)->tryBase) \
|
||||
? PTRDIFF(cg->tryNext, cg->tryBase, JSTryNote) + 1 \
|
||||
: 0; \
|
||||
JS_END_MACRO
|
||||
|
||||
extern void
|
||||
js_FinishTakingTryNotes(JSContext *cx, JSCodeGenerator *cg, JSTryNote *notes);
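Review bot: Nothing in the new CG_COUNT_FINAL_SRCNOTES ties its arithmetic to the notes js_FinishTakingSrcNotes actually emits, and the result sizes the script allocation in js_NewScriptFromCG, so any drift between the two becomes a write past the end of the block rather than just a wrong number. The commit title suggests exactly such a drift, with the old expression apparently missing the extra notes that the `diff_ > SN_DELTA_MASK` branch now counts. I would extend the comment above the macro to name each term, for example `/* main notes + 1 terminator; with prolog notes: those notes, xdelta notes covering diff_, and 2 or 4 notes for the line change */`. I would also add a debug-build assertion in js_FinishTakingSrcNotes, whose body is outside this page, that the number of notes written equals this count. The terms in the proposed comment are read off the macro body only, so check them against the function before committing the wording.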
|
||||
|
|
|
@ -510,11 +510,11 @@ js_XDRScript(JSXDRState *xdr, JSScript **scriptp, JSBool *hasMagic)
|
|||
|
||||
if (ntrynotes)
|
||||
nsrcnotes += JSTRYNOTE_ALIGNMASK;
|
||||
newscript = JS_realloc(cx, script,
|
||||
sizeof(JSScript) +
|
||||
length * sizeof(jsbytecode) +
|
||||
nsrcnotes * sizeof(jssrcnote) +
|
||||
ntrynotes * sizeof(JSTryNote));
|
||||
newscript = (JSScript *) JS_realloc(cx, script,
|
||||
sizeof(JSScript) +
|
||||
length * sizeof(jsbytecode) +
|
||||
nsrcnotes * sizeof(jssrcnote) +
|
||||
ntrynotes * sizeof(JSTryNote));
|
||||
if (!newscript)
|
||||
goto error;
|
||||
|
||||
|
@ -989,8 +989,8 @@ js_NewScript(JSContext *cx, uint32 length, uint32 nsrcnotes, uint32 ntrynotes)
|
|||
JSScript *script;
|
||||
|
||||
/* Round up source note count to align script->trynotes for its type. */
|
||||
/* XXX only if ntrynotes != 0, but then tinderbox tests crash */
|
||||
nsrcnotes += JSTRYNOTE_ALIGNMASK;
|
||||
if (ntrynotes)
|
||||
nsrcnotes += JSTRYNOTE_ALIGNMASK;
|
||||
script = (JSScript *) JS_malloc(cx,
|
||||
sizeof(JSScript) +
|
||||
length * sizeof(jsbytecode) +
|
||||
|
@ -1013,16 +1013,15 @@ js_NewScript(JSContext *cx, uint32 length, uint32 nsrcnotes, uint32 ntrynotes)
|
|||
JS_FRIEND_API(JSScript *)
|
||||
js_NewScriptFromCG(JSContext *cx, JSCodeGenerator *cg, JSFunction *fun)
|
||||
{
|
||||
uint32 mainLength, prologLength;
|
||||
uint32 mainLength, prologLength, nsrcnotes, ntrynotes;
|
||||
JSScript *script;
|
||||
const char *filename;
|
||||
|
||||
mainLength = CG_OFFSET(cg);
|
||||
prologLength = CG_PROLOG_OFFSET(cg);
|
||||
script = js_NewScript(cx,
|
||||
prologLength + mainLength,
|
||||
CG_COUNT_FINAL_SRCNOTES(cg),
|
||||
CG_COUNT_FINAL_TRYNOTES(cg));
|
||||
CG_COUNT_FINAL_SRCNOTES(cg, nsrcnotes);
|
||||
CG_COUNT_FINAL_TRYNOTES(cg, ntrynotes);
|
||||
script = js_NewScript(cx, prologLength + mainLength, nsrcnotes, ntrynotes);
|
||||
if (!script)
|
||||
return NULL;
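Review bot: The size passed to JS_realloc in the js_XDRScript hunk is still an unchecked sum of three products, and the same expression feeds JS_malloc in js_NewScript. The declarations of `length`, `nsrcnotes` and `ntrynotes` in js_XDRScript are outside the hunk, but if they are 32-bit counts decoded from the XDR stream, a corrupt or hostile stream could wrap the sum where size_t is 32 bits wide. That would yield a block smaller than the code that later fills it expects. Accumulating the size term by term and failing on overflow closes this, with `nbytes` declared alongside the function's other locals. Whether `goto error` reports anything to the caller is not visible here.

```c
/* … unchanged: if (ntrynotes) nsrcnotes += JSTRYNOTE_ALIGNMASK; … */
nbytes = sizeof(JSScript);
if (length > ((size_t)-1 - nbytes) / sizeof(jsbytecode))
    goto error;
nbytes += length * sizeof(jsbytecode);
if (nsrcnotes > ((size_t)-1 - nbytes) / sizeof(jssrcnote))
    goto error;
nbytes += nsrcnotes * sizeof(jssrcnote);
if (ntrynotes > ((size_t)-1 - nbytes) / sizeof(JSTryNote))
    goto error;
nbytes += ntrynotes * sizeof(JSTryNote);
newscript = (JSScript *) JS_realloc(cx, script, nbytes);
/* … unchanged: if (!newscript) goto error; … */
```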
|
||||
|
||||
|
|