Only read symbol_id for strings which are known to be symbols

Ensures that uninitialised symbol_id is not dereferenced if the string is created on the stack via code generators instead of on the heap. Task-number: QTBUG-23126 Change-Id: I083586ad46796e70b0246413742d326c60f379e5 Reviewed-by: Peter Varga <[email protected]>
meta-qt5 · Aug 9, 2012 · 30662b5 · 30662b5
1 parent f489fb6
commit 30662b5
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 5 deletions.
diff --git a/src/3rdparty/v8/src/api.cc b/src/3rdparty/v8/src/api.cc
@@ -3911,7 +3911,7 @@ String::CompleteHashData String::CompleteHash() const {
   CompleteHashData result;
   result.length = str->length();
   result.hash = str->Hash();
-  if (str->IsSeqString())
+  if (str->IsSeqAsciiString() && str->IsSymbol())
       result.symbol_id = i::SeqString::cast(*str)->symbol_id();
   return result;
 }

diff --git a/src/3rdparty/v8/src/heap-inl.h b/src/3rdparty/v8/src/heap-inl.h
@@ -127,7 +127,6 @@ MaybeObject* Heap::AllocateAsciiSymbol(Vector<const char> str,
   String* answer = String::cast(result);
   answer->set_length(str.length());
   answer->set_hash_field(hash_field);
-  SeqString::cast(answer)->set_symbol_id(0);
 
   ASSERT_EQ(size, answer->Size());
 
@@ -161,7 +160,6 @@ MaybeObject* Heap::AllocateTwoByteSymbol(Vector<const uc16> str,
   String* answer = String::cast(result);
   answer->set_length(str.length());
   answer->set_hash_field(hash_field);
-  SeqString::cast(answer)->set_symbol_id(0);
 
   ASSERT_EQ(size, answer->Size());
 

diff --git a/src/3rdparty/v8/src/heap.cc b/src/3rdparty/v8/src/heap.cc
@@ -4490,7 +4490,6 @@ MaybeObject* Heap::AllocateRawAsciiString(int length, PretenureFlag pretenure) {
   HeapObject::cast(result)->set_map_no_write_barrier(ascii_string_map());
   String::cast(result)->set_length(length);
   String::cast(result)->set_hash_field(String::kEmptyHashField);
-  SeqString::cast(result)->set_symbol_id(0);
   ASSERT_EQ(size, HeapObject::cast(result)->Size());
   return result;
 }
@@ -4527,7 +4526,6 @@ MaybeObject* Heap::AllocateRawTwoByteString(int length,
   HeapObject::cast(result)->set_map_no_write_barrier(string_map());
   String::cast(result)->set_length(length);
   String::cast(result)->set_hash_field(String::kEmptyHashField);
-  SeqString::cast(result)->set_symbol_id(0);
   ASSERT_EQ(size, HeapObject::cast(result)->Size());
   return result;
 }