AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

MIPS: Catch non-string subject in RegExpExecStub.

Browse Source 
Port r10064 (9c6789a3)

Original commit message:
There is no test case to trigger any crash. This is only to guard against the case that the native function is called with unsafe arguments.

BUG=
TEST=

Review URL: http://codereview.chromium.org/8742012
Patch from Daniel Kalmar <kalmard@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
yangguo@chromium.org 2011-11-30 16:36:00 +00:00
parent 3c82957f04
commit 5371508b4f
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/mips/code-stubs-mips.cc
View File

@ -4746,7 +4746,8 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label seq_string;
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
// First check for flat string.
// First check for flat string. None of the following string type tests will
// succeed if kIsNotStringTag is set.
__ And(a1, a0, Operand(kIsNotStringMask | kStringRepresentationMask));
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
__ Branch(&seq_string, eq, a1, Operand(zero_reg));
@ -4754,6 +4755,7 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
// subject: Subject string
// a0: instance type if Subject string
// regexp_data: RegExp data (FixedArray)
// a1: whether subject is a string and if yes, its string representation
// Check for flat cons string or sliced string.
// A flat cons string is a cons string where the second part is the empty
// string. In that case the subject string is just the first part of the cons
@ -4763,9 +4765,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Label cons_string, check_encoding;
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
__ Branch(&cons_string, lt, a1, Operand(kExternalStringTag));
__ Branch(&runtime, eq, a1, Operand(kExternalStringTag));
// Catch non-string subject (should already have been guarded against).
STATIC_ASSERT(kNotStringTag != 0);
__ And(at, a1, Operand(kIsNotStringMask));
__ Branch(&runtime, ne, at, Operand(zero_reg));
// String is sliced.
__ lw(t0, FieldMemOperand(subject, SlicedString::kOffsetOffset));
__ sra(t0, t0, kSmiTagSize);