diff options
Diffstat (limited to 'src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp')
| -rw-r--r-- | src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp b/src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp index 2713fd4..73efc0d 100644 --- a/src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp +++ b/src/3rdparty/webkit/JavaScriptCore/interpreter/Interpreter.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. + * Copyright (C) 2008, 2009, 2010 Apple Inc. All rights reserved. * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca> * * Redistribution and use in source and binary forms, with or without @@ -3454,9 +3454,10 @@ skip_id_custom_self: int argsOffset = vPC[2].u.operand; JSValue arguments = callFrame->r(argsOffset).jsValue(); - int32_t argCount = 0; + uint32_t argCount = 0; if (!arguments) { argCount = (uint32_t)(callFrame->argumentCount()) - 1; + argCount = min<uint32_t>(argCount, Arguments::MaxArguments); int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize; Register* newEnd = callFrame->registers() + sizeDelta; if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) { @@ -3464,9 +3465,9 @@ skip_id_custom_self: goto vm_throw; } ASSERT(!callFrame->callee()->isHostFunction()); - int32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount(); - int32_t inplaceArgs = min(argCount, expectedParams); - int32_t i = 0; + uint32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount(); + uint32_t inplaceArgs = min(argCount, expectedParams); + uint32_t i = 0; Register* argStore = callFrame->registers() + argsOffset; // First step is to copy the "expected" parameters from their normal location relative to the callframe @@ -3483,6 +3484,7 @@ skip_id_custom_self: if (asObject(arguments)->classInfo() == &Arguments::info) { Arguments* args = asArguments(arguments); argCount = args->numProvidedArguments(callFrame); + argCount = min<uint32_t>(argCount, Arguments::MaxArguments); int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize; Register* newEnd = callFrame->registers() + sizeDelta; if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) { @@ -3493,6 +3495,7 @@ skip_id_custom_self: } else if (isJSArray(&callFrame->globalData(), arguments)) { JSArray* array = asArray(arguments); argCount = array->length(); + argCount = min<uint32_t>(argCount, Arguments::MaxArguments); int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize; Register* newEnd = callFrame->registers() + sizeDelta; if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) { @@ -3503,6 +3506,7 @@ skip_id_custom_self: } else if (asObject(arguments)->inherits(&JSArray::info)) { JSObject* argObject = asObject(arguments); argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame); + argCount = min<uint32_t>(argCount, Arguments::MaxArguments); int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize; Register* newEnd = callFrame->registers() + sizeDelta; if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) { @@ -3510,7 +3514,7 @@ skip_id_custom_self: goto vm_throw; } Register* argsBuffer = callFrame->registers() + argsOffset; - for (int32_t i = 0; i < argCount; ++i) { + for (uint32_t i = 0; i < argCount; ++i) { argsBuffer[i] = asObject(arguments)->get(callFrame, i); CHECK_FOR_EXCEPTION(); } |