summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKent Hansen <kent.hansen@nokia.com>2010-10-05 10:06:10 (GMT)
committerKent Hansen <kent.hansen@nokia.com>2010-10-05 11:16:57 (GMT)
commit8ed3d9e33de7b4ee93b007ebde16ce42885ba95c (patch)
tree5d1a1396026a3774ad735f8b6814df073f115b62
parenta891f20bc370c24777e22be40499e695f97738f9 (diff)
downloadQt-8ed3d9e33de7b4ee93b007ebde16ce42885ba95c.zip
Qt-8ed3d9e33de7b4ee93b007ebde16ce42885ba95c.tar.gz
Qt-8ed3d9e33de7b4ee93b007ebde16ce42885ba95c.tar.bz2
QtScript/JavaScriptCore: Backport random number generator seeding fix
Backported changes: || <https://webkit.org/b/38719> || JavaScriptCore/wtf/RandomNumber.h should provide using WTF::* || || <https://webkit.org/b/41868> || Don't seed the JS random number generator from time() || Task-number: QTBUG-13440 Reviewed-by: Simon Hausmann
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog31
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp1
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h2
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h4
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp2
-rw-r--r--src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h3
-rw-r--r--src/3rdparty/javascriptcore/VERSION4
7 files changed, 41 insertions, 6 deletions
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
index fbaf5d2..fd6c3f7 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
@@ -1,3 +1,24 @@
+2010-08-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Don't seed the JS random number generator from time()
+ https://bugs.webkit.org/show_bug.cgi?id=41868
+ <rdar://problem/8171025>
+
+ Switch to using the secure random number generator to
+ seed the fast random generator, and make the generator
+ be per global object.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+ (JSC::JSGlobalObject::weakRandomNumber):
+ * runtime/MathObject.cpp:
+ (JSC::mathProtoFuncRandom):
+
2010-06-18 Tucker Jay <jay.tucker@nokia.com>
Reviewed by NOBODY (OOPS!).
@@ -94,6 +115,16 @@
* wtf/Platform.h:
+2010-05-06 Fumitoshi Ukai <ukai@chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ JavaScriptCore/wtf/RandomNumber.h should provide using WTF::*
+ https://bugs.webkit.org/show_bug.cgi?id=38719
+
+ * wtf/RandomNumber.h:
+ Add using directives.
+
2010-04-28 Simon Hausmann <simon.hausmann@nokia.com>, Kent Hansen <kent.hansen@nokia.com>
Reviewed by Darin Adler.
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp
index 34b5f82..1c25c16 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp
@@ -144,7 +144,6 @@ JSGlobalData::JSGlobalData(bool isShared)
, firstStringifierToMark(0)
, markStack(jsArrayVPtr)
, cachedUTCOffset(NaN)
- , weakRandom(static_cast<int>(currentTime()))
#ifndef NDEBUG
, mainThreadOnly(false)
#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h
index 49a6c4c..dcd3289 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h
@@ -184,8 +184,6 @@ namespace JSC {
UString cachedDateString;
double cachedDateStringValue;
-
- WeakRandom weakRandom;
#ifndef NDEBUG
bool mainThreadOnly;
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h
index 340e04d..7c20272 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h
@@ -31,6 +31,7 @@
#include "StructureChain.h"
#include <wtf/HashSet.h>
#include <wtf/OwnPtr.h>
+#include <wtf/RandomNumber.h>
namespace JSC {
@@ -91,6 +92,7 @@ namespace JSC {
, datePrototype(0)
, regExpPrototype(0)
, methodCallDummy(0)
+ , weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
{
}
@@ -154,6 +156,7 @@ namespace JSC {
RefPtr<JSGlobalData> globalData;
HashSet<GlobalCodeBlock*> codeBlocks;
+ WeakRandom weakRandom;
};
public:
@@ -271,6 +274,7 @@ namespace JSC {
return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags));
}
+ double weakRandomNumber() { return d()->weakRandom.get(); }
protected:
static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesMarkChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags;
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp
index 8f22fba..807cfe7 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp
@@ -210,7 +210,7 @@ JSValue JSC_HOST_CALL mathProtoFuncPow(ExecState* exec, JSObject*, JSValue, cons
JSValue JSC_HOST_CALL mathProtoFuncRandom(ExecState* exec, JSObject*, JSValue, const ArgList&)
{
- return jsDoubleNumber(exec, exec->globalData().weakRandom.get());
+ return jsDoubleNumber(exec, exec->lexicalGlobalObject()->weakRandomNumber());
}
JSValue JSC_HOST_CALL mathProtoFuncRound(ExecState* exec, JSObject*, JSValue, const ArgList& args)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h
index fe1687c..e54e9ae 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h
@@ -39,4 +39,7 @@ namespace WTF {
}
+using WTF::randomNumber;
+using WTF::weakRandomNumber;
+
#endif
diff --git a/src/3rdparty/javascriptcore/VERSION b/src/3rdparty/javascriptcore/VERSION
index 6f5fb7c..9991ac0 100644
--- a/src/3rdparty/javascriptcore/VERSION
+++ b/src/3rdparty/javascriptcore/VERSION
@@ -4,8 +4,8 @@ This is a snapshot of JavaScriptCore from
The commit imported was from the
- javascriptcore-snapshot-28062010 branch/tag
+ javascriptcore-snapshot-05102010 branch/tag
and has the sha1 checksum
- 0fccd26d3624e80cf68873701ef70ad72ca66bec
+ 82ead85cfea5859044eeb25b33314dcc0fa5eea1