diff options
| author | Chris Adams <christopher.adams@nokia.com> | 2012-08-09 14:34:58 +1000 |
|---|---|---|
| committer | Qt by Nokia <qt-info@nokia.com> | 2012-08-09 09:56:30 +0200 |
| commit | 30662b5d64ff633f57d89290da2a85507d561187 (patch) | |
| tree | 96e6765db95a742df42f5c48f13411ddf3257416 /src/3rdparty | |
| parent | f489fb6c7d056514cc916d06ea11bacda37eb062 (diff) | |
| download | qtjsbackend-30662b5d64ff633f57d89290da2a85507d561187.tar.gz | |
Only read symbol_id for strings which are known to be symbols
Ensures that uninitialised symbol_id is not dereferenced if the
string is created on the stack via code generators instead of on
the heap.
Task-number: QTBUG-23126
Change-Id: I083586ad46796e70b0246413742d326c60f379e5
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Diffstat (limited to 'src/3rdparty')
| -rw-r--r-- | src/3rdparty/v8/src/api.cc | 2 | ||||
| -rw-r--r-- | src/3rdparty/v8/src/heap-inl.h | 2 | ||||
| -rw-r--r-- | src/3rdparty/v8/src/heap.cc | 2 |
3 files changed, 1 insertions, 5 deletions
diff --git a/src/3rdparty/v8/src/api.cc b/src/3rdparty/v8/src/api.cc index 1becc61..70d0a8a 100644 --- a/src/3rdparty/v8/src/api.cc +++ b/src/3rdparty/v8/src/api.cc @@ -3911,7 +3911,7 @@ String::CompleteHashData String::CompleteHash() const { CompleteHashData result; result.length = str->length(); result.hash = str->Hash(); - if (str->IsSeqString()) + if (str->IsSeqAsciiString() && str->IsSymbol()) result.symbol_id = i::SeqString::cast(*str)->symbol_id(); return result; } diff --git a/src/3rdparty/v8/src/heap-inl.h b/src/3rdparty/v8/src/heap-inl.h index 3e036b6..d1f66a8 100644 --- a/src/3rdparty/v8/src/heap-inl.h +++ b/src/3rdparty/v8/src/heap-inl.h @@ -127,7 +127,6 @@ MaybeObject* Heap::AllocateAsciiSymbol(Vector<const char> str, String* answer = String::cast(result); answer->set_length(str.length()); answer->set_hash_field(hash_field); - SeqString::cast(answer)->set_symbol_id(0); ASSERT_EQ(size, answer->Size()); @@ -161,7 +160,6 @@ MaybeObject* Heap::AllocateTwoByteSymbol(Vector<const uc16> str, String* answer = String::cast(result); answer->set_length(str.length()); answer->set_hash_field(hash_field); - SeqString::cast(answer)->set_symbol_id(0); ASSERT_EQ(size, answer->Size()); diff --git a/src/3rdparty/v8/src/heap.cc b/src/3rdparty/v8/src/heap.cc index 933cec6..f678517 100644 --- a/src/3rdparty/v8/src/heap.cc +++ b/src/3rdparty/v8/src/heap.cc @@ -4490,7 +4490,6 @@ MaybeObject* Heap::AllocateRawAsciiString(int length, PretenureFlag pretenure) { HeapObject::cast(result)->set_map_no_write_barrier(ascii_string_map()); String::cast(result)->set_length(length); String::cast(result)->set_hash_field(String::kEmptyHashField); - SeqString::cast(result)->set_symbol_id(0); ASSERT_EQ(size, HeapObject::cast(result)->Size()); return result; } @@ -4527,7 +4526,6 @@ MaybeObject* Heap::AllocateRawTwoByteString(int length, HeapObject::cast(result)->set_map_no_write_barrier(string_map()); String::cast(result)->set_length(length); String::cast(result)->set_hash_field(String::kEmptyHashField); - SeqString::cast(result)->set_symbol_id(0); ASSERT_EQ(size, HeapObject::cast(result)->Size()); return result; } |