commit 4e0f03cbd2044db6f9696a18538d28bd4cbd8866
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Nov 13 20:42:16 2009 +0000
JSValueProtect and JSValueUnprotect don't protect API wrapper values
https://bugs.webkit.org/show_bug.cgi?id=31485
Reviewed by Geoff Garen.
Make JSValueProtect/Unprotect use a new 'toJS' function, 'toJSForGC', that
does not attempt to strip out API wrapper objects.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50964 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/API/APICast.h b/JavaScriptCore/API/APICast.h
index b9167a8..3b65e09 100644
--- a/JavaScriptCore/API/APICast.h
+++ b/JavaScriptCore/API/APICast.h
@@ -73,6 +73,18 @@ inline JSC::JSValue toJS(JSC::ExecState*, JSValueRef v)
#endif
}
+inline JSC::JSValue toJSForGC(JSC::ExecState*, JSValueRef v)
+{
+#if USE(JSVALUE32_64)
+ JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(const_cast<OpaqueJSValue*>(v));
+ if (!jsCell)
+ return JSC::JSValue();
+ return jsCell;
+#else
+ return JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
+#endif
+}
+
inline JSC::JSObject* toJS(JSObjectRef o)
{
return reinterpret_cast<JSC::JSObject*>(o);
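Review bot: toJSForGC carries no comment saying how it differs from the toJS overload directly above it or when it is the right one to call, so nothing steers a future caller away from using it for ordinary value conversion. Suggest a comment above the definition: `// Like toJS(ExecState*, JSValueRef) but leaves API wrapper objects intact; only for registering a value with or releasing it from the GC (JSValueProtect/Unprotect), never for general conversion.` The unnamed ExecState* parameter is presumably kept for signature parity with toJS; a word on that in the same comment would stop someone "cleaning" it away. The toJS overload whose closing brace opens this hunk, and toJS(JSObjectRef) at its end, both extend outside the hunk.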
diff --git a/JavaScriptCore/API/JSValueRef.cpp b/JavaScriptCore/API/JSValueRef.cpp
index 2207181..821abda 100644
--- a/JavaScriptCore/API/JSValueRef.cpp
+++ b/JavaScriptCore/API/JSValueRef.cpp
@@ -307,7 +307,7 @@ void JSValueProtect(JSContextRef ctx, JSValueRef value)
exec->globalData().heap.registerThread();
JSLock lock(exec);
- JSValue jsValue = toJS(exec, value);
+ JSValue jsValue = toJSForGC(exec, value);
gcProtect(jsValue);
}
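Review bot: The swapped call on the changed line gives no hint why the GC entry points need a different conversion than the rest of the file, and the same applies to the identical change in the JSValueUnprotect hunk just below. Since gcUnprotect presumably has to be handed the same cell gcProtect registered, the reason is worth stating at the first site: `JSValue jsValue = toJSForGC(exec, value); // keep API wrapper objects intact; the cell registered here is the one JSValueUnprotect must release`. JSValueProtect's opening line is outside the hunk.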
@@ -317,6 +317,6 @@ void JSValueUnprotect(JSContextRef ctx, JSValueRef value)
exec->globalData().heap.registerThread();
JSLock lock(exec);
- JSValue jsValue = toJS(exec, value);
+ JSValue jsValue = toJSForGC(exec, value);
gcUnprotect(jsValue);
}
diff --git a/JavaScriptCore/API/tests/testapi.c b/JavaScriptCore/API/tests/testapi.c
index 152babc..2c17ecf 100644
--- a/JavaScriptCore/API/tests/testapi.c
+++ b/JavaScriptCore/API/tests/testapi.c
@@ -737,6 +737,15 @@ static void testInitializeFinalize()
ASSERT(JSObjectGetPrivate(o) == (void*)3);
}
+static JSValueRef jsNumberValue = NULL;
+
+static void makeGlobalNumberValue(JSContextRef context) {
+ JSValueRef v = JSValueMakeNumber(context, 420);
+ JSValueProtect(context, v);
+ jsNumberValue = v;
+ v = NULL;
+}
+
int main(int argc, char* argv[])
{
const char *scriptPath = "testapi.js";
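Review bot: makeGlobalNumberValue puts its opening brace on the signature line, while the surrounding file puts it on its own line (see `int main(int argc, char* argv[])` immediately below); move it for consistency. The trailing `v = NULL;` reads as a dead store that a tidy-up would remove; it is presumably there so the number is no longer reachable from the stack and only the JSValueProtect call keeps it alive, which deserves a comment such as `/* clear the local so only JSValueProtect keeps the value alive */`. A one-line comment on jsNumberValue saying it is the API-wrapper value under test would help too. main's body continues outside the hunk.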
@@ -948,10 +957,12 @@ int main(int argc, char* argv[])
CFRelease(cfEmptyString);
jsGlobalValue = JSObjectMake(context, NULL, NULL);
+ makeGlobalNumberValue(context);
JSValueProtect(context, jsGlobalValue);
JSGarbageCollect(context);
ASSERT(JSValueIsObject(context, jsGlobalValue));
JSValueUnprotect(context, jsGlobalValue);
+ JSValueUnprotect(context, jsNumberValue);
JSStringRef goodSyntax = JSStringCreateWithUTF8CString("x = 1;");
JSStringRef badSyntax = JSStringCreateWithUTF8CString("x := 1;");
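Review bot: The protected number is never inspected after JSGarbageCollect: jsGlobalValue gets `ASSERT(JSValueIsObject(context, jsGlobalValue));`, but jsNumberValue goes straight from makeGlobalNumberValue to JSValueUnprotect, so a regression in the wrapper protection this commit fixes would not be caught here. Add after the collect, next to the existing assert, `ASSERT(JSValueIsNumber(context, jsNumberValue));` and `ASSERT(JSValueToNumber(context, jsNumberValue, NULL) == 420);`. main continues outside the hunk.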
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index b62b27b..3f39e6b 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,22 @@
+2009-11-13 Oliver Hunt <oliver at apple.com>
+
+ Reviewed by Geoff Garen.
+
+ JSValueProtect and JSValueUnprotect don't protect API wrapper values
+ https://bugs.webkit.org/show_bug.cgi?id=31485
+
+ Make JSValueProtect/Unprotect use a new 'toJS' function, 'toJSForGC' that
+ does not attempt to to strip out API wrapper objects.
+
+ * API/APICast.h:
+ (toJSForGC):
+ * API/JSValueRef.cpp:
+ (JSValueProtect):
+ (JSValueUnprotect):
+ * API/tests/testapi.c:
+ (makeGlobalNumberValue):
+ (main):
+
2009-11-13 İsmail Dönmez <ismail at namtrac.org>
Reviewed by Antti Koivisto.