    Fix crash due to RegExpAtom method called on RegExpCharacterClass object. · 17ec357a
    bmeurer@chromium.org authored
    In the RegExpUnparser::VisitText(RegExpText* that, void* data) function, the RegExpUnparser::VisitAtom function is always called via that->elements()->at(i).data.u_atom->Accept(this, data); even if the type of the object is RegExpCharacterClass.
    
    The problem shows up when using g++ 4.7(.2, .3) since r16232, since GCC optimizes virtual method calls to direct calls based on __final/final hints. Tested on MIPS and x64:
    Program received signal SIGSEGV, Segmentation fault.
    0x0000000000588928 in v8::internal::RegExpUnparser::VisitAtom(v8::internal::RegExpAtom*, void*) ()
    
    This cleans up the TextElement class to avoid the unsafe+unchecked union access that caused the crash.
    
    TEST=cctest/test-regexp/ParserRegression
    R=jkummerow@chromium.org
    
    Review URL: https://codereview.chromium.org/22815033
    
    git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Name
arm
extensions
ia32
mips
third_party
x64
accessors.cc
accessors.h
allocation-inl.h
allocation.cc
allocation.h
api.cc
api.h
apinatives.js
apiutils.h
arguments.cc
arguments.h
array-iterator.js
array.js
arraybuffer.js
assembler.cc
assembler.h
assert-scope.h
ast.cc
ast.h
atomicops.h
atomicops_internals_arm_gcc.h
atomicops_internals_mips_gcc.h
atomicops_internals_tsan.h
atomicops_internals_x86_gcc.cc
atomicops_internals_x86_gcc.h
atomicops_internals_x86_macosx.h
atomicops_internals_x86_msvc.h
bignum-dtoa.cc
bignum-dtoa.h
bignum.cc
bignum.h
bootstrapper.cc
bootstrapper.h
builtins.cc
builtins.h
bytecodes-irregexp.h
cached-powers.cc
cached-powers.h
char-predicates-inl.h
char-predicates.h
checks.cc
checks.h
circular-queue-inl.h
circular-queue.h
code-stubs-hydrogen.cc
code-stubs.cc
code-stubs.h
code.h
codegen.cc
codegen.h
collection.js
compilation-cache.cc
compilation-cache.h
compiler-intrinsics.h
compiler.cc
compiler.h
contexts.cc
contexts.h
conversions-inl.h
conversions.cc
conversions.h
counters.cc
counters.h
cpu-profiler-inl.h
cpu-profiler.cc
cpu-profiler.h
cpu.h
d8-debug.cc
d8-debug.h
d8-posix.cc
d8-readline.cc
d8-windows.cc
d8.cc
d8.gyp
d8.h
d8.js
data-flow.cc
data-flow.h
date.cc
date.h
date.js
dateparser-inl.h
dateparser.cc
dateparser.h
debug-agent.cc
debug-agent.h
debug-debugger.js
debug.cc
debug.h
deoptimizer.cc
deoptimizer.h
disasm.h
disassembler.cc
disassembler.h
diy-fp.cc
diy-fp.h
double.h
dtoa.cc
dtoa.h
effects.h
elements-kind.cc
elements-kind.h
elements.cc
elements.h
execution.cc
execution.h
factory.cc
factory.h
fast-dtoa.cc
fast-dtoa.h
fixed-dtoa.cc
fixed-dtoa.h
flag-definitions.h
flags.cc
flags.h
frames-inl.h
frames.cc
frames.h
full-codegen.cc
full-codegen.h
func-name-inferrer.cc
func-name-inferrer.h
gdb-jit.cc
gdb-jit.h
generator.js
global-handles.cc
global-handles.h
globals.h
handles-inl.h
handles.cc
handles.h
harmony-array.js
harmony-string.js
hashmap.h
heap-inl.h
heap-profiler.cc
heap-profiler.h
heap-snapshot-generator-inl.h
heap-snapshot-generator.cc
heap-snapshot-generator.h
heap.cc
heap.h
hydrogen-bce.cc
hydrogen-bce.h
hydrogen-bch.cc
hydrogen-bch.h
hydrogen-canonicalize.cc
hydrogen-canonicalize.h
hydrogen-dce.cc
hydrogen-dce.h
hydrogen-dehoist.cc
hydrogen-dehoist.h
hydrogen-deoptimizing-mark.cc
hydrogen-deoptimizing-mark.h
hydrogen-environment-liveness.cc
hydrogen-environment-liveness.h
hydrogen-escape-analysis.cc
hydrogen-escape-analysis.h
hydrogen-gvn.cc
hydrogen-gvn.h
hydrogen-infer-representation.cc
hydrogen-infer-representation.h
hydrogen-infer-types.cc
hydrogen-infer-types.h
hydrogen-instructions.cc
hydrogen-instructions.h
hydrogen-mark-deoptimize.cc
hydrogen-mark-deoptimize.h
hydrogen-minus-zero.cc
hydrogen-minus-zero.h
hydrogen-osr.cc
hydrogen-osr.h
hydrogen-range-analysis.cc
hydrogen-range-analysis.h
hydrogen-redundant-phi.cc
hydrogen-redundant-phi.h
hydrogen-removable-simulates.cc
hydrogen-removable-simulates.h
hydrogen-representation-changes.cc
hydrogen-representation-changes.h
hydrogen-sce.cc
hydrogen-sce.h
hydrogen-uint32-analysis.cc
hydrogen-uint32-analysis.h
hydrogen.cc
hydrogen.h
i18n.cc
i18n.h
ic-inl.h
ic.cc
ic.h
icu_util.cc
icu_util.h
incremental-marking-inl.h
incremental-marking.cc
incremental-marking.h
interface.cc
interface.h
interpreter-irregexp.cc
interpreter-irregexp.h
isolate-inl.h
isolate.cc
isolate.h
json-parser.h
json-stringifier.h
json.js
jsregexp-inl.h
jsregexp.cc
jsregexp.h
lazy-instance.h
list-inl.h
list.h
lithium-allocator-inl.h
lithium-allocator.cc
lithium-allocator.h
lithium.cc
lithium.h
liveedit-debugger.js
liveedit.cc
liveedit.h
log-inl.h
log-utils.cc
log-utils.h
log.cc
log.h
macro-assembler.h
macros.py
mark-compact-inl.h
mark-compact.cc
mark-compact.h
marking-thread.cc
marking-thread.h
math.js
messages.cc
messages.h
messages.js
mirror-debugger.js
misc-intrinsics.h
mksnapshot.cc
natives.h
object-observe.js
objects-debug.cc
objects-inl.h
objects-printer.cc
objects-visiting-inl.h
objects-visiting.cc
objects-visiting.h
objects.cc
objects.h
once.cc
once.h
optimizing-compiler-thread.cc
optimizing-compiler-thread.h
parser.cc
parser.h
platform-cygwin.cc
platform-freebsd.cc
platform-linux.cc
platform-macos.cc
platform-nullos.cc
platform-openbsd.cc
platform-posix.cc
platform-posix.h
platform-solaris.cc
platform-win32.cc
platform.h
preparse-data-format.h
preparse-data.cc
preparse-data.h
preparser-api.cc
preparser.cc
preparser.h
prettyprinter.cc
prettyprinter.h
profile-generator-inl.h
profile-generator.cc
profile-generator.h
property-details.h
property.cc
property.h
proxy.js
regexp-macro-assembler-irregexp-inl.h
regexp-macro-assembler-irregexp.cc
regexp-macro-assembler-irregexp.h
regexp-macro-assembler-tracer.cc
regexp-macro-assembler-tracer.h
regexp-macro-assembler.cc
regexp-macro-assembler.h
regexp-stack.cc
regexp-stack.h
regexp.js
rewriter.cc
rewriter.h
runtime-profiler.cc
runtime-profiler.h
runtime.cc
runtime.h
runtime.js
safepoint-table.cc
safepoint-table.h
sampler.cc
sampler.h
scanner-character-streams.cc
scanner-character-streams.h
scanner.cc
scanner.h
scopeinfo.cc
scopeinfo.h
scopes.cc
scopes.h
serialize.cc
serialize.h
simulator.h
small-pointer-list.h
smart-pointers.h
snapshot-common.cc
snapshot-empty.cc
snapshot.h
spaces-inl.h
spaces.cc
spaces.h
splay-tree-inl.h
splay-tree.h
store-buffer-inl.h
store-buffer.cc
store-buffer.h
string-search.cc
string-search.h
string-stream.cc
string-stream.h
string.js
strtod.cc
strtod.h
stub-cache.cc
stub-cache.h
sweeper-thread.cc
sweeper-thread.h
symbol.js
token.cc
token.h
transitions-inl.h
transitions.cc
transitions.h
type-info.cc
type-info.h
typedarray.js
types.cc
types.h
typing.cc
typing.h
unbound-queue-inl.h
unbound-queue.h
unicode-inl.h
unicode.cc
unicode.h
uri.h
uri.js
utils-inl.h
utils.cc
utils.h
v8-counters.cc
v8-counters.h
v8.cc
v8.h
v8checks.h
v8conversions.cc
v8conversions.h
v8dll-main.cc
v8globals.h
v8memory.h
v8natives.js
v8preparserdll-main.cc
v8threads.cc
v8threads.h
v8utils.cc
v8utils.h
variables.cc
variables.h
version.cc
version.h
vm-state-inl.h
vm-state.h
win32-headers.h
win32-math.cc
win32-math.h
zone-inl.h
zone.cc
zone.h