9babf1ee16
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=157
286 lines
9.0 KiB
Diff
286 lines
9.0 KiB
Diff
From: Mike Hommey <mh@glandium.org>
|
|
Date: Sat, 24 Dec 2011 09:56:58 +0100
|
|
Subject: Bug 691898 - Use YARR interpreter instead of PCRE on platforms where
|
|
YARR JIT is not supported
|
|
|
|
---
|
|
js/src/Makefile.in | 21 +++++++++++++--------
|
|
js/src/vm/RegExpObject-inl.h | 28 ++++++----------------------
|
|
js/src/vm/RegExpObject.cpp | 36 ------------------------------------
|
|
js/src/vm/RegExpObject.h | 27 ++++++---------------------
|
|
js/src/yarr/wtfbridge.h | 2 --
|
|
5 files changed, 25 insertions(+), 89 deletions(-)
|
|
|
|
diff --git a/js/src/Makefile.in b/js/src/Makefile.in
|
|
index fc48cbd..49f0bdc 100644
|
|
--- a/js/src/Makefile.in
|
|
+++ b/js/src/Makefile.in
|
|
@@ -416,15 +416,20 @@ CPPSRCS += checks.cc \
|
|
|
|
ifeq (,$(filter arm% sparc %86 x86_64,$(TARGET_CPU)))
|
|
|
|
-VPATH += $(srcdir)/yarr/pcre \
|
|
+VPATH += $(srcdir)/assembler \
|
|
+ $(srcdir)/assembler/wtf \
|
|
+ $(srcdir)/yarr \
|
|
$(NULL)
|
|
|
|
CPPSRCS += \
|
|
- pcre_compile.cpp \
|
|
- pcre_exec.cpp \
|
|
- pcre_tables.cpp \
|
|
- pcre_xclass.cpp \
|
|
- pcre_ucp_searchfuncs.cpp \
|
|
+ Assertions.cpp \
|
|
+ OSAllocatorOS2.cpp \
|
|
+ OSAllocatorPosix.cpp \
|
|
+ OSAllocatorWin.cpp \
|
|
+ PageBlock.cpp \
|
|
+ YarrInterpreter.cpp \
|
|
+ YarrPattern.cpp \
|
|
+ YarrSyntaxChecker.cpp \
|
|
$(NULL)
|
|
else
|
|
|
|
@@ -1015,10 +1020,10 @@ endif
|
|
# Needed to "configure" it correctly. Unfortunately these
|
|
# flags wind up being applied to all code in js/src, not just
|
|
# the code in js/src/assembler.
|
|
-CXXFLAGS += -DUSE_SYSTEM_MALLOC=1 -DENABLE_ASSEMBLER=1
|
|
+CXXFLAGS += -DUSE_SYSTEM_MALLOC=1
|
|
|
|
ifneq (,$(ENABLE_YARR_JIT)$(ENABLE_TRACEJIT)$(ENABLE_METHODJIT))
|
|
-CXXFLAGS += -DENABLE_JIT=1
|
|
+CXXFLAGS += -DENABLE_JIT=1 -DENABLE_ASSEMBLER=1
|
|
endif
|
|
|
|
INCLUDES += -I$(srcdir)/assembler -I$(srcdir)/yarr
|
|
diff --git a/js/src/vm/RegExpObject-inl.h b/js/src/vm/RegExpObject-inl.h
|
|
index 5f7817d..91108a7 100644
|
|
--- a/js/src/vm/RegExpObject-inl.h
|
|
+++ b/js/src/vm/RegExpObject-inl.h
|
|
@@ -327,6 +327,7 @@ RegExpPrivate::create(JSContext *cx, JSString *source, RegExpFlag flags, TokenSt
|
|
return RetType(self);
|
|
}
|
|
|
|
+#if ENABLE_YARR_JIT
|
|
/* This function should be deleted once bad Android platforms phase out. See bug 604774. */
|
|
inline bool
|
|
RegExpPrivateCode::isJITRuntimeEnabled(JSContext *cx)
|
|
@@ -337,12 +338,12 @@ RegExpPrivateCode::isJITRuntimeEnabled(JSContext *cx)
|
|
return true;
|
|
#endif
|
|
}
|
|
+#endif
|
|
|
|
inline bool
|
|
RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts,
|
|
uintN *parenCount, RegExpFlag flags)
|
|
{
|
|
-#if ENABLE_YARR_JIT
|
|
/* Parse the pattern. */
|
|
ErrorCode yarrError;
|
|
YarrPattern yarrPattern(pattern, bool(flags & IgnoreCaseFlag), bool(flags & MultilineFlag),
|
|
@@ -359,7 +360,7 @@ RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream *
|
|
* case we have to bytecode compile it.
|
|
*/
|
|
|
|
-#ifdef JS_METHODJIT
|
|
+#if ENABLE_YARR_JIT && defined(JS_METHODJIT)
|
|
if (isJITRuntimeEnabled(cx) && !yarrPattern.m_containsBackreferences) {
|
|
if (!cx->compartment->ensureJaegerCompartmentExists(cx))
|
|
return false;
|
|
@@ -371,21 +372,11 @@ RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream *
|
|
}
|
|
#endif
|
|
|
|
+#if ENABLE_YARR_JIT
|
|
codeBlock.setFallBack(true);
|
|
+#endif
|
|
byteCode = byteCompile(yarrPattern, cx->compartment->regExpAllocator).get();
|
|
return true;
|
|
-#else /* !defined(ENABLE_YARR_JIT) */
|
|
- int error = 0;
|
|
- compiled = jsRegExpCompile(pattern.chars(), pattern.length(),
|
|
- ignoreCase() ? JSRegExpIgnoreCase : JSRegExpDoNotIgnoreCase,
|
|
- multiline() ? JSRegExpMultiline : JSRegExpSingleLine,
|
|
- parenCount, &error);
|
|
- if (error) {
|
|
- reportPCREError(cx, error);
|
|
- return false;
|
|
- }
|
|
- return true;
|
|
-#endif
|
|
}
|
|
|
|
inline bool
|
|
@@ -431,19 +422,12 @@ RegExpPrivateCode::execute(JSContext *cx, const jschar *chars, size_t start, siz
|
|
else
|
|
result = JSC::Yarr::execute(codeBlock, chars, start, length, output);
|
|
#else
|
|
- result = jsRegExpExecute(cx, compiled, chars, length, start, output, outputCount);
|
|
+ result = JSC::Yarr::interpret(byteCode, chars, start, length, output);
|
|
#endif
|
|
|
|
if (result == -1)
|
|
return Success_NotFound;
|
|
|
|
-#if !ENABLE_YARR_JIT
|
|
- if (result < 0) {
|
|
- reportPCREError(cx, result);
|
|
- return Error;
|
|
- }
|
|
-#endif
|
|
-
|
|
JS_ASSERT(result >= 0);
|
|
return Success;
|
|
}
|
|
diff --git a/js/src/vm/RegExpObject.cpp b/js/src/vm/RegExpObject.cpp
|
|
index f75c6a5..7631dd5 100644
|
|
--- a/js/src/vm/RegExpObject.cpp
|
|
+++ b/js/src/vm/RegExpObject.cpp
|
|
@@ -251,7 +251,6 @@ Class js::RegExpClass = {
|
|
NULL /* trace */
|
|
};
|
|
|
|
-#if ENABLE_YARR_JIT
|
|
void
|
|
RegExpPrivateCode::reportYarrError(JSContext *cx, TokenStream *ts, ErrorCode error)
|
|
{
|
|
@@ -283,41 +282,6 @@ RegExpPrivateCode::reportYarrError(JSContext *cx, TokenStream *ts, ErrorCode err
|
|
}
|
|
}
|
|
|
|
-#else /* !ENABLE_YARR_JIT */
|
|
-
|
|
-void
|
|
-RegExpPrivateCode::reportPCREError(JSContext *cx, int error)
|
|
-{
|
|
-#define REPORT(msg_) \
|
|
- JS_ReportErrorFlagsAndNumberUC(cx, JSREPORT_ERROR, js_GetErrorMessage, NULL, msg_); \
|
|
- return
|
|
- switch (error) {
|
|
- case -2: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 0: JS_NOT_REACHED("Precondition violation: an error must have occurred.");
|
|
- case 1: REPORT(JSMSG_TRAILING_SLASH);
|
|
- case 2: REPORT(JSMSG_TRAILING_SLASH);
|
|
- case 3: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 4: REPORT(JSMSG_BAD_QUANTIFIER);
|
|
- case 5: REPORT(JSMSG_BAD_QUANTIFIER);
|
|
- case 6: REPORT(JSMSG_BAD_CLASS_RANGE);
|
|
- case 7: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 8: REPORT(JSMSG_BAD_CLASS_RANGE);
|
|
- case 9: REPORT(JSMSG_BAD_QUANTIFIER);
|
|
- case 10: REPORT(JSMSG_UNMATCHED_RIGHT_PAREN);
|
|
- case 11: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 12: REPORT(JSMSG_UNMATCHED_RIGHT_PAREN);
|
|
- case 13: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 14: REPORT(JSMSG_MISSING_PAREN);
|
|
- case 15: REPORT(JSMSG_BAD_BACKREF);
|
|
- case 16: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- case 17: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
|
|
- default:
|
|
- JS_NOT_REACHED("Precondition violation: unknown PCRE error code.");
|
|
- }
|
|
-#undef REPORT
|
|
-}
|
|
-#endif /* ENABLE_YARR_JIT */
|
|
-
|
|
bool
|
|
js::ParseRegExpFlags(JSContext *cx, JSString *flagStr, RegExpFlag *flagsOut)
|
|
{
|
|
diff --git a/js/src/vm/RegExpObject.h b/js/src/vm/RegExpObject.h
|
|
index 1449d56..279f3c0 100644
|
|
--- a/js/src/vm/RegExpObject.h
|
|
+++ b/js/src/vm/RegExpObject.h
|
|
@@ -49,8 +49,6 @@
|
|
#include "yarr/Yarr.h"
|
|
#if ENABLE_YARR_JIT
|
|
#include "yarr/YarrJIT.h"
|
|
-#else
|
|
-#include "yarr/pcre/pcre.h"
|
|
#endif
|
|
|
|
namespace js {
|
|
@@ -153,48 +151,39 @@ ResetRegExpObject(JSContext *cx, AlreadyIncRefed<RegExpPrivate> rep);
|
|
/* Abstracts away the gross |RegExpPrivate| backend details. */
|
|
class RegExpPrivateCode
|
|
{
|
|
-#if ENABLE_YARR_JIT
|
|
typedef JSC::Yarr::BytecodePattern BytecodePattern;
|
|
typedef JSC::Yarr::ErrorCode ErrorCode;
|
|
+ typedef JSC::Yarr::YarrPattern YarrPattern;
|
|
+#if ENABLE_YARR_JIT
|
|
typedef JSC::Yarr::JSGlobalData JSGlobalData;
|
|
typedef JSC::Yarr::YarrCodeBlock YarrCodeBlock;
|
|
- typedef JSC::Yarr::YarrPattern YarrPattern;
|
|
|
|
/* Note: Native code is valid only if |codeBlock.isFallBack() == false|. */
|
|
YarrCodeBlock codeBlock;
|
|
- BytecodePattern *byteCode;
|
|
-#else
|
|
- JSRegExp *compiled;
|
|
#endif
|
|
+ BytecodePattern *byteCode;
|
|
|
|
public:
|
|
RegExpPrivateCode()
|
|
:
|
|
#if ENABLE_YARR_JIT
|
|
codeBlock(),
|
|
- byteCode(NULL)
|
|
-#else
|
|
- compiled(NULL)
|
|
#endif
|
|
+ byteCode(NULL)
|
|
{ }
|
|
|
|
~RegExpPrivateCode() {
|
|
#if ENABLE_YARR_JIT
|
|
codeBlock.release();
|
|
+#endif
|
|
if (byteCode)
|
|
Foreground::delete_<BytecodePattern>(byteCode);
|
|
-#else
|
|
- if (compiled)
|
|
- jsRegExpFree(compiled);
|
|
-#endif
|
|
}
|
|
|
|
#if ENABLE_YARR_JIT
|
|
static inline bool isJITRuntimeEnabled(JSContext *cx);
|
|
- void reportYarrError(JSContext *cx, TokenStream *ts, JSC::Yarr::ErrorCode error);
|
|
-#else
|
|
- void reportPCREError(JSContext *cx, int error);
|
|
#endif
|
|
+ void reportYarrError(JSContext *cx, TokenStream *ts, JSC::Yarr::ErrorCode error);
|
|
|
|
inline bool compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts, uintN *parenCount,
|
|
RegExpFlag flags);
|
|
@@ -205,11 +194,7 @@ class RegExpPrivateCode
|
|
int *output, size_t outputCount);
|
|
|
|
static size_t getOutputSize(size_t pairCount) {
|
|
-#if ENABLE_YARR_JIT
|
|
return pairCount * 2;
|
|
-#else
|
|
- return pairCount * 3; /* Should be x2, but PCRE has... needs. */
|
|
-#endif
|
|
}
|
|
};
|
|
|
|
diff --git a/js/src/yarr/wtfbridge.h b/js/src/yarr/wtfbridge.h
|
|
index ac41d08..fb8eb86 100644
|
|
--- a/js/src/yarr/wtfbridge.h
|
|
+++ b/js/src/yarr/wtfbridge.h
|
|
@@ -49,9 +49,7 @@
|
|
#include "jsprvtd.h"
|
|
#include "vm/String.h"
|
|
#include "assembler/wtf/Platform.h"
|
|
-#if ENABLE_YARR_JIT
|
|
#include "assembler/jit/ExecutableAllocator.h"
|
|
-#endif
|
|
|
|
namespace JSC { namespace Yarr {
|
|
|