From 8ed3d9e33de7b4ee93b007ebde16ce42885ba95c Mon Sep 17 00:00:00 2001 From: Kent Hansen Date: Tue, 5 Oct 2010 12:06:10 +0200 Subject: QtScript/JavaScriptCore: Backport random number generator seeding fix Backported changes: || || JavaScriptCore/wtf/RandomNumber.h should provide using WTF::* || || || Don't seed the JS random number generator from time() || Task-number: QTBUG-13440 Reviewed-by: Simon Hausmann --- .../javascriptcore/JavaScriptCore/ChangeLog | 31 ++++++++++++++++++++++ .../JavaScriptCore/runtime/JSGlobalData.cpp | 1 - .../JavaScriptCore/runtime/JSGlobalData.h | 2 -- .../JavaScriptCore/runtime/JSGlobalObject.h | 4 +++ .../JavaScriptCore/runtime/MathObject.cpp | 2 +- .../JavaScriptCore/wtf/RandomNumber.h | 3 +++ src/3rdparty/javascriptcore/VERSION | 4 +-- 7 files changed, 41 insertions(+), 6 deletions(-) diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog index fbaf5d2..fd6c3f7 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog +++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog @@ -1,3 +1,24 @@ +2010-08-24 Oliver Hunt + + Reviewed by Geoff Garen. + + Don't seed the JS random number generator from time() + https://bugs.webkit.org/show_bug.cgi?id=41868 + + + Switch to using the secure random number generator to + seed the fast random generator, and make the generator + be per global object. + + * runtime/JSGlobalData.cpp: + (JSC::JSGlobalData::JSGlobalData): + * runtime/JSGlobalData.h: + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): + (JSC::JSGlobalObject::weakRandomNumber): + * runtime/MathObject.cpp: + (JSC::mathProtoFuncRandom): + 2010-06-18 Tucker Jay Reviewed by NOBODY (OOPS!). @@ -94,6 +115,16 @@ * wtf/Platform.h: +2010-05-06 Fumitoshi Ukai + + Reviewed by Alexey Proskuryakov. + + JavaScriptCore/wtf/RandomNumber.h should provide using WTF::* + https://bugs.webkit.org/show_bug.cgi?id=38719 + + * wtf/RandomNumber.h: + Add using directives. + 2010-04-28 Simon Hausmann , Kent Hansen Reviewed by Darin Adler. diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp index 34b5f82..1c25c16 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp +++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp @@ -144,7 +144,6 @@ JSGlobalData::JSGlobalData(bool isShared) , firstStringifierToMark(0) , markStack(jsArrayVPtr) , cachedUTCOffset(NaN) - , weakRandom(static_cast(currentTime())) #ifndef NDEBUG , mainThreadOnly(false) #endif diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h index 49a6c4c..dcd3289 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h +++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h @@ -184,8 +184,6 @@ namespace JSC { UString cachedDateString; double cachedDateStringValue; - - WeakRandom weakRandom; #ifndef NDEBUG bool mainThreadOnly; diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h index 340e04d..7c20272 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h +++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h @@ -31,6 +31,7 @@ #include "StructureChain.h" #include #include +#include namespace JSC { @@ -91,6 +92,7 @@ namespace JSC { , datePrototype(0) , regExpPrototype(0) , methodCallDummy(0) + , weakRandom(static_cast(randomNumber() * (std::numeric_limits::max() + 1.0))) { } @@ -154,6 +156,7 @@ namespace JSC { RefPtr globalData; HashSet codeBlocks; + WeakRandom weakRandom; }; public: @@ -271,6 +274,7 @@ namespace JSC { return Structure::create(prototype, TypeInfo(ObjectType, StructureFlags)); } + double weakRandomNumber() { return d()->weakRandom.get(); } protected: static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesMarkChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags; diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp index 8f22fba..807cfe7 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp +++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp @@ -210,7 +210,7 @@ JSValue JSC_HOST_CALL mathProtoFuncPow(ExecState* exec, JSObject*, JSValue, cons JSValue JSC_HOST_CALL mathProtoFuncRandom(ExecState* exec, JSObject*, JSValue, const ArgList&) { - return jsDoubleNumber(exec, exec->globalData().weakRandom.get()); + return jsDoubleNumber(exec, exec->lexicalGlobalObject()->weakRandomNumber()); } JSValue JSC_HOST_CALL mathProtoFuncRound(ExecState* exec, JSObject*, JSValue, const ArgList& args) diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h index fe1687c..e54e9ae 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h +++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h @@ -39,4 +39,7 @@ namespace WTF { } +using WTF::randomNumber; +using WTF::weakRandomNumber; + #endif diff --git a/src/3rdparty/javascriptcore/VERSION b/src/3rdparty/javascriptcore/VERSION index 6f5fb7c..9991ac0 100644 --- a/src/3rdparty/javascriptcore/VERSION +++ b/src/3rdparty/javascriptcore/VERSION @@ -4,8 +4,8 @@ This is a snapshot of JavaScriptCore from The commit imported was from the - javascriptcore-snapshot-28062010 branch/tag + javascriptcore-snapshot-05102010 branch/tag and has the sha1 checksum - 0fccd26d3624e80cf68873701ef70ad72ca66bec + 82ead85cfea5859044eeb25b33314dcc0fa5eea1 -- cgit v0.12