Title: [141085] trunk/Source/WebCore
Revision
141085
Author
michael.brun...@digia.com
Date
2013-01-29 01:41:31 -0800 (Tue, 29 Jan 2013)

Log Message

[Qt][WK1] Reflect recursion limit and loop checks also for list conversions.
https://bugs.webkit.org/show_bug.cgi?id=107950

Reviewed by Allan Sandfeld Jensen.

No new tests, bugfix, no behavioral change.

Make conversions from JavaScript values to QLists take the maximum
recursion depth into consideration and check for objects that were
already visited. Otherwise, the conversion may recurse until the
stack is full and then cause a segmentation fault.

* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::convertToList):
(JSC::Bindings::convertValueToQVariant):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (141084 => 141085)


--- trunk/Source/WebCore/ChangeLog	2013-01-29 09:37:14 UTC (rev 141084)
+++ trunk/Source/WebCore/ChangeLog	2013-01-29 09:41:31 UTC (rev 141085)
@@ -1,3 +1,21 @@
+2013-01-29  Michael BrĂ¼ning  <michael.brun...@digia.com>
+
+        [Qt][WK1] Reflect recursion limit and loop checks also for list conversions.
+        https://bugs.webkit.org/show_bug.cgi?id=107950
+
+        Reviewed by Allan Sandfeld Jensen.
+
+        No new tests, bugfix, no behavioral change.
+
+        Make conversions from _javascript_ values to QLists take the maximum
+        recursion depth into consideration and check for objects that were
+        already visited. Otherwise, the conversion may recurse until the
+        stack is full and then cause a segmentation fault.
+
+        * bridge/qt/qt_runtime.cpp:
+        (JSC::Bindings::convertToList):
+        (JSC::Bindings::convertValueToQVariant):
+
 2013-01-29  Elliott Sprehn  <espr...@chromium.org>
 
         Clean up interface to ElementShadow

Modified: trunk/Source/WebCore/bridge/qt/qt_runtime.cpp (141084 => 141085)


--- trunk/Source/WebCore/bridge/qt/qt_runtime.cpp	2013-01-29 09:37:14 UTC (rev 141084)
+++ trunk/Source/WebCore/bridge/qt/qt_runtime.cpp	2013-01-29 09:41:31 UTC (rev 141085)
@@ -236,7 +236,7 @@
 
 template <typename ItemType>
 QList<ItemType> convertToList(JSContextRef context, JSRealType type, JSObjectRef object,
-                              JSValueRef value, int* distance, JSValueRef* exception,
+                              JSValueRef value, int* distance, HashSet<JSObjectRef>* visitedObjects, int recursionLimit, JSValueRef* exception,
                               const QMetaType::Type typeId = static_cast<QMetaType::Type>(qMetaTypeId<ItemType>()))
 {
     QList<ItemType> list;
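Review bot: The two new parameters of `convertToList` are undocumented, and in the lines visible here the function neither records `object` in `*visitedObjects` nor lowers `recursionLimit` before forwarding both to the per-element conversions. If the caller already did that before dispatching into this helper, a cyclic array (one that contains itself) is caught by the visited check; if not, it is stopped only once the recursion limit is exhausted, so the caller-side contract is worth stating. I would add above the template: `// visitedObjects / recursionLimit are the caller's cycle and depth guards; they are passed through unchanged to convertValueToQVariant for each element, which is expected to have recorded 'object' and accounted for this level already.` The body of `convertToList` continues past the end of this hunk.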
@@ -248,7 +248,7 @@
         for (size_t i = 0; i < length; ++i) {
             JSValueRef value = JSObjectGetPropertyAtIndex(context, object, i, exception);
             int itemDistance = -1;
-            QVariant variant = convertValueToQVariant(context, value, typeId, &itemDistance, exception);
+            QVariant variant = convertValueToQVariant(context, value, typeId, &itemDistance, visitedObjects, recursionLimit, exception);
             if (itemDistance >= 0)
                 list << variant.value<ItemType>();
             else
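Review bot: The loop keeps converting the remaining elements after one element fails, because nothing in the visible loop body looks at `exception` after the changed call. If `convertValueToQVariant` reports a depth-limit or cycle hit through `exception` (not visible here), every later element re-enters the conversion with the same inputs and the same outcome, spending the bounded budget this commit introduces for nothing; a guard such as `if (exception && *exception) break;` directly after the changed call would stop at the first failure. The same applies to the `JSObjectGetPropertyAtIndex` call above it, whose getter can throw into `exception` before the conversion is even attempted. The enclosing `if` and the `length` computation start before this hunk, and the function continues past it.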
@@ -260,7 +260,7 @@
             *distance = 5;
     } else {
         int itemDistance = -1;
-        QVariant variant = convertValueToQVariant(context, value, typeId, &itemDistance, exception);
+        QVariant variant = convertValueToQVariant(context, value, typeId, &itemDistance, visitedObjects, recursionLimit, exception);
         if (itemDistance >= 0) {
             list << variant.value<ItemType>();
             if (distance)
@@ -481,11 +481,11 @@
             break;
 
         case QMetaType::QVariantList:
-            ret = QVariant(convertToList<QVariant>(context, type, object, value, &dist, exception, QMetaType::Void));
+            ret = QVariant(convertToList<QVariant>(context, type, object, value, &dist, visitedObjects, recursionLimit, exception, QMetaType::Void));
             break;
 
         case QMetaType::QStringList: {
-            ret = QVariant(convertToList<QString>(context, type, object, value, &dist, exception));
+            ret = QVariant(convertToList<QString>(context, type, object, value, &dist, visitedObjects, recursionLimit, exception));
             break;
         }
 
@@ -616,11 +616,11 @@
         default:
             // Non const type ids
             if (hint == (QMetaType::Type) qMetaTypeId<QObjectList>()) {
-                ret = QVariant::fromValue(convertToList<QObject*>(context, type, object, value, &dist, exception));
+                ret = QVariant::fromValue(convertToList<QObject*>(context, type, object, value, &dist, visitedObjects, recursionLimit, exception));
                 break;
             }
             if (hint == (QMetaType::Type) qMetaTypeId<QList<int> >()) {
-                ret = QVariant::fromValue(convertToList<int>(context, type, object, value, &dist, exception));
+                ret = QVariant::fromValue(convertToList<int>(context, type, object, value, &dist, visitedObjects, recursionLimit, exception));
                 break;
             }
             if (QtPixmapRuntime::canHandle(static_cast<QMetaType::Type>(hint))) {