[webkit-changes] cvs commit: JavaScriptCore ChangeLog

Darin darin at opensource.apple.com
Fri Aug 19 09:01:57 PDT 2005 

darin       05/08/19 09:01:57

  Modified:    kjs      nodes.cpp property_slot.h
               .        ChangeLog
  Log:
          Reviewed by Maciej.
          Revised and landed by Darin.
  
          - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4474
            REGRESSION: Crash when using in-place operator on uninitialized array element
  
          * kjs/nodes.cpp:
          (AssignResolveNode::evaluate): Remove unneeded "isSet" assertion.
          (AssignBracketNode::evaluate): Replace code that tested "isSet" with code that
          tests the return value of getPropertySlot.
  
          * kjs/property_slot.h: Removed unneeded "isSet" function. Property slots are
          either uninitialized or set. There's no "initialized and not set" state.
  
  Revision  Changes    Path
  1.76      +2 -6      JavaScriptCore/kjs/nodes.cpp
  
  Index: nodes.cpp
  ===================================================================
  RCS file: /cvs/root/JavaScriptCore/kjs/nodes.cpp,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- nodes.cpp	17 Aug 2005 01:00:00 -0000	1.75
  +++ nodes.cpp	19 Aug 2005 16:01:55 -0000	1.76
  @@ -1,4 +1,3 @@
  -// -*- c-basic-offset: 2 -*-
   /*
    *  This file is part of the KDE libraries
    *  Copyright (C) 1999-2002 Harri Porten (porten at kde.org)
  @@ -1675,7 +1674,6 @@
     if (m_oper == OpEqual) {
       v = m_right->evaluate(exec);
     } else {
  -    assert(slot.isSet());
       ValueImp *v1 = slot.getValue(exec, m_ident);
       KJS_CHECKEXCEPTIONVALUE
       ValueImp *v2 = m_right->evaluate(exec);
  @@ -1773,8 +1771,7 @@
         v = m_right->evaluate(exec);
       } else {
         PropertySlot slot;
  -      base->getPropertySlot(exec, propertyIndex, slot);    
  -      ValueImp *v1 = slot.isSet() ? slot.getValue(exec, propertyIndex) : Undefined();
  +      ValueImp *v1 = base->getPropertySlot(exec, propertyIndex, slot) ? slot.getValue(exec, propertyIndex) : Undefined();
         KJS_CHECKEXCEPTIONVALUE
         ValueImp *v2 = m_right->evaluate(exec);
         v = valueForReadModifyAssignment(exec, v1, v2, m_oper);
  @@ -1793,8 +1790,7 @@
       v = m_right->evaluate(exec);
     } else {
       PropertySlot slot;
  -    base->getPropertySlot(exec, propertyName, slot);    
  -    ValueImp *v1 = slot.isSet() ? slot.getValue(exec, propertyName) : Undefined();
  +    ValueImp *v1 = base->getPropertySlot(exec, propertyName, slot) ? slot.getValue(exec, propertyName) : Undefined();
       KJS_CHECKEXCEPTIONVALUE
       ValueImp *v2 = m_right->evaluate(exec);
       v = valueForReadModifyAssignment(exec, v1, v2, m_oper);
  
  
  
  1.4       +5 -4      JavaScriptCore/kjs/property_slot.h
  
  Index: property_slot.h
  ===================================================================
  RCS file: /cvs/root/JavaScriptCore/kjs/property_slot.h,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- property_slot.h	11 Aug 2005 10:26:53 -0000	1.3
  +++ property_slot.h	19 Aug 2005 16:01:55 -0000	1.4
  @@ -20,8 +20,8 @@
    *
    */
   
  -#ifndef _KJS_PROPERTY_SLOT_H_
  -#define _KJS_PROPERTY_SLOT_H_
  +#ifndef KJS_PROPERTY_SLOT_H
  +#define KJS_PROPERTY_SLOT_H
   
   #include "identifier.h"
   #include "value.h"
  @@ -38,8 +38,6 @@
   public:
       typedef ValueImp *(*GetValueFunc)(ExecState *, const Identifier&, const PropertySlot&);
   
  -    bool isSet() const { return m_getValue != 0; }
  -
       ValueImp *getValue(ExecState *exec, const Identifier& propertyName) const
       { 
           if (m_getValue == VALUE_SLOT_MARKER)
  @@ -63,6 +61,7 @@
   
       void setStaticEntry(ObjectImp *slotBase, const HashEntry *staticEntry, GetValueFunc getValue)
       {
  +        assert(getValue);
           m_slotBase = slotBase;
           m_data.staticEntry = staticEntry;
           m_getValue = getValue;
  @@ -70,12 +69,14 @@
   
       void setCustom(ObjectImp *slotBase, GetValueFunc getValue)
       {
  +        assert(getValue);
           m_slotBase = slotBase;
           m_getValue = getValue;
       }
   
       void setCustomIndex(ObjectImp *slotBase, unsigned long index, GetValueFunc getValue)
       {
  +        assert(getValue);
           m_slotBase = slotBase;
           m_data.index = index;
           m_getValue = getValue;
  
  
  
  1.804     +16 -0     JavaScriptCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/JavaScriptCore/ChangeLog,v
  retrieving revision 1.803
  retrieving revision 1.804
  diff -u -r1.803 -r1.804
  --- ChangeLog	19 Aug 2005 01:39:37 -0000	1.803
  +++ ChangeLog	19 Aug 2005 16:01:56 -0000	1.804
  @@ -1,3 +1,19 @@
  +2005-08-19  Mitz Pettel  <opendarwin.org at mitzpettel.com>
  +
  +        Reviewed by Maciej.
  +        Revised and landed by Darin.
  +
  +        - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4474
  +          REGRESSION: Crash when using in-place operator on uninitialized array element
  +
  +        * kjs/nodes.cpp:
  +        (AssignResolveNode::evaluate): Remove unneeded "isSet" assertion.
  +        (AssignBracketNode::evaluate): Replace code that tested "isSet" with code that
  +        tests the return value of getPropertySlot.
  +
  +        * kjs/property_slot.h: Removed unneeded "isSet" function. Property slots are
  +        either uninitialized or set. There's no "initialized and not set" state.
  +
   2005-08-18  Adele Peterson  <adele at apple.com>
   
           Checked "Inline Functions Hidden" box

More information about the webkit-changes mailing list