[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

mjs mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:15:25 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 81b8484dbc1bb7ad52efce7a2e33b495d071dd06
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 2 10:11:47 2003 +0000

            Merged patches from Harri Porten and David Faure to fix:
    
    	<rdar://problem/3497643>: reproducible crash printing self-referential array
    
    	* kjs/array_object.cpp:
            (ArrayProtoFuncImp::call): Break out of the loop if an exception was thrown.
            * kjs/nodes.cpp:
            (FunctionCallNode::evaluate): Move function call depth check from here...
            * kjs/object.cpp:
            (KJS::Object::call): ...to here.
            * kjs/object.h: Un-inline Object::call now that it does more.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5645 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 37b100e..3d51dcb 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2003-12-02  Maciej Stachowiak  <mjs at apple.com>
+
+        Merged patches from Harri Porten and David Faure to fix:
+
+	<rdar://problem/3497643>: reproducible crash printing self-referential array
+        
+	* kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call): Break out of the loop if an exception was thrown.
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate): Move function call depth check from here...
+        * kjs/object.cpp:
+        (KJS::Object::call): ...to here.
+        * kjs/object.h: Un-inline Object::call now that it does more.
+
 2003-12-01  Richard Williamson   <rjw at apple.com>
 
 	Fixed mistake in method signatures used to get boolean and integer fields.
diff --git a/JavaScriptCore/kjs/array_object.cpp b/JavaScriptCore/kjs/array_object.cpp
index c4a0bae..904ea38 100644
--- a/JavaScriptCore/kjs/array_object.cpp
+++ b/JavaScriptCore/kjs/array_object.cpp
@@ -469,6 +469,8 @@ Value ArrayProtoFuncImp::call(ExecState *exec, Object &thisObj, const List &args
       Value element = thisObj.get(exec,k);
       if (element.type() != UndefinedType && element.type() != NullType)
         str += element.toString(exec);
+      if ( exec->hadException() )
+	break;
     }
     result = String(str);
     break;
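Review bot: The `break;` added on the second new line is indented with a tab while the rest of the loop body uses two-space indentation, and `if ( exec->hadException() )` pads the parentheses where the adjacent `if (element.type() ...` does not; `if (exec->hadException())` followed by `        break;` would match the surrounding style. Placing the check at the end of the body means an exception raised by either `thisObj.get(exec,k)` or `element.toString(exec)` ends the loop, which is what the fix needs. A short why-comment would help the next reader, e.g. `// an element's toString may have set an exception (e.g. the call-depth limit); stop joining`. The enclosing `for` loop and ArrayProtoFuncImp::call start outside the hunk.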
diff --git a/JavaScriptCore/kjs/nodes.cpp b/JavaScriptCore/kjs/nodes.cpp
index 6c18f84..65da755 100644
--- a/JavaScriptCore/kjs/nodes.cpp
+++ b/JavaScriptCore/kjs/nodes.cpp
@@ -698,14 +698,6 @@ Value FunctionCallNode::evaluate(ExecState *exec)
     return throwError(exec, TypeError, "Object %s (result of expression %s) does not allow calls.", v, expr);
   }
 
-#if KJS_MAX_STACK > 0
-  static int depth = 0; // sum of all concurrent interpreters
-  if (++depth > KJS_MAX_STACK) {
-    --depth;
-    return throwError(exec, RangeError, "Exceeded maximum function call depth calling %s (result of expression %s).", v, expr);
-  }
-#endif
-
   Value thisVal;
   if (ref.isMutable())
     thisVal = ref.getBase(exec);
@@ -730,10 +722,6 @@ Value FunctionCallNode::evaluate(ExecState *exec)
   Object thisObj = Object::dynamicCast(thisVal);
   Value result = func.call(exec,thisObj, argList);
 
-#if KJS_MAX_STACK > 0
-  --depth;
-#endif
-
   return result;
 }
 
diff --git a/JavaScriptCore/kjs/object.cpp b/JavaScriptCore/kjs/object.cpp
index bd2c6d6..8e0093e 100644
--- a/JavaScriptCore/kjs/object.cpp
+++ b/JavaScriptCore/kjs/object.cpp
@@ -51,6 +51,29 @@ Object Object::dynamicCast(const Value &v)
   return Object(static_cast<ObjectImp*>(v.imp()));
 }
 
+
+Value Object::call(ExecState *exec, Object &thisObj, const List &args)
+{ 
+#if KJS_MAX_STACK > 0
+  static int depth = 0; // sum of all concurrent interpreters
+  if (++depth > KJS_MAX_STACK) {
+    --depth;
+    Object err = Error::create(exec, RangeError,
+                               "Maximum call stack size exceeded.");
+    exec->setException(err);
+    return err;
+  }
+#endif
+
+  Value ret = imp()->call(exec,thisObj,args); 
+
+#if KJS_MAX_STACK > 0
+  --depth;
+#endif
+
+  return ret;
+}
+
 // ------------------------------ ObjectImp ------------------------------------
 
 ObjectImp::ObjectImp(const Object &proto)
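Review bot: `depth` in the new Object::call is a function-local static that, per its own comment, is shared by every interpreter in the process, so the limit is global rather than per-interpreter and the `++depth`/`--depth` pair is unsynchronized; if interpreters can run on more than one thread this is a data race on the guard that this commit relies on to stop the reported crash. It would help to state that assumption next to the declaration, e.g. `// process-wide counter: assumes all interpreters run on a single thread`. The counter is only decremented on the normal return path, so any non-local exit out of `imp()->call` (a C++ exception, if the project allows them) would leave it permanently raised and eventually make every call fail with RangeError, and any caller that invokes `ObjectImp::call` directly rather than through this wrapper would bypass the limit — worth checking. The lines `{ ` and `Value ret = imp()->call(exec,thisObj,args); ` carry trailing whitespace. The error text is also now the fixed `"Maximum call stack size exceeded."` rather than the formatted message removed from nodes.cpp, a behaviour change the ChangeLog entry does not mention.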
diff --git a/JavaScriptCore/kjs/object.h b/JavaScriptCore/kjs/object.h
index 0e382be..9d312c7 100644
--- a/JavaScriptCore/kjs/object.h
+++ b/JavaScriptCore/kjs/object.h
@@ -698,9 +698,6 @@ namespace KJS {
   inline bool Object::implementsCall() const
     { return imp()->implementsCall(); }
 
-  inline Value Object::call(ExecState *exec, Object &thisObj, const List &args)
-    { return imp()->call(exec,thisObj,args); }
-
   inline bool Object::implementsHasInstance() const
     { return imp()->implementsHasInstance(); }
 
