114062 – If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this

Bug 114062 - If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this

Summary: If CallFrame::trueCallFrame() knows that it's about to read garbage instead o...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2013-04-05 14:00 PDT by Filip Pizlo
Modified:	2013-04-05 14:33 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
the patch (3.23 KB, patch) 2013-04-05 14:06 PDT, Filip Pizlo	oliver: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2013-04-05 14:00:00 PDT

This reduces the severity of bugs arising from our existing sloppiness with CodeOrigins.  We should fix that sloppiness, but before we do, we should make sure that even such sloppiness doesn't cause a WebKit process to go down in flames.

<rdar://problem/12032790>

Comment 1 Filip Pizlo 2013-04-05 14:06:41 PDT

Created attachment 196680 [details]
the patch

Comment 2 Oliver Hunt 2013-04-05 14:10:34 PDT

Comment on attachment 196680 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196680&action=review

> Source/JavaScriptCore/interpreter/CallFrame.cpp:124
>          ASSERT_UNUSED(hasCodeOrigin, hasCodeOrigin);

This can just change to ASSERT() as we use hasCodeOrigin now

Comment 3 Filip Pizlo 2013-04-05 14:33:08 PDT

Landed in http://trac.webkit.org/changeset/147798