Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1b624bea4bbbf7cf1c9a7b8fc65e9fa6d153d32c
https://github.com/WebKit/WebKit/commit/1b624bea4bbbf7cf1c9a7b8fc65e9fa6d153d32c
Author: Chris Dumez <cdu...@apple.com>
Date: 2023-09-30 (Sat, 30 Sep 2023)
Changed paths:
M Source/JavaScriptCore/API/JSObjectRef.cpp
M Source/JavaScriptCore/dfg/DFGLivenessAnalysisPhase.cpp
M Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/runtime/IntlCollator.cpp
M Source/WTF/wtf/Liveness.h
M Source/WTF/wtf/Vector.h
M Source/WTF/wtf/WeakHashSet.h
M Source/WTF/wtf/WeakListHashSet.h
M Source/WTF/wtf/text/WTFString.cpp
M Source/WebCore/bindings/js/IDBBindingUtilities.cpp
M Source/WebCore/css/CSSFontFace.cpp
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Element.cpp
M Source/WebCore/dom/Node.cpp
M Source/WebCore/html/URLSearchParams.cpp
M Source/WebCore/html/parser/AtomHTMLToken.h
M Source/WebCore/loader/cache/MemoryCache.cpp
M Source/WebCore/rendering/RenderObject.cpp

Log Message:
-----------
[Hardening] Make Vector::uncheckedAppend() an alias to Vector::append()
https://bugs.webkit.org/show_bug.cgi?id=262431

Reviewed by Ryosuke Niwa.

Make Vector::uncheckedAppend() an alias to Vector::append() so that bounds checking always happens. This hardening is part of our effort to make our code safer.

This tested as performance neutral on Speedometer, MotionMark and JetStream on various A/B bots (I tried to cover various configurations). However, I plan to monitor the bots after landing to be safe. If it sticks, I'll follow-up to get rid of Vector::uncheckedAppend() entirely.

Note that in order to avoid regressions on benchmarks, WTF::map(), Vector::map(), copyToVector() & copyToVectorOf() still rely on a private unsafeAppendWithoutCapacityCheck() function.
* Source/JavaScriptCore/API/JSObjectRef.cpp:
(JSObjectCopyPropertyNames):
* Source/JavaScriptCore/dfg/DFGLivenessAnalysisPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::linkOSREntries):
* Source/JavaScriptCore/runtime/IntlCollator.cpp:
(JSC::IntlCollator::sortLocaleData):
(JSC::IntlCollator::searchLocaleData):
* Source/WTF/wtf/Liveness.h:
(WTF::Liveness::compute):
* Source/WTF/wtf/Vector.h:
(WTF::Vector::Vector):
(WTF::Vector::append):
(WTF::Vector::uncheckedAppend):
(WTF::Vector::uncheckedConstructAndAppend):
(WTF::Vector::unsafeAppendWithoutCapacityCheck):
(WTF::Malloc>::unsafeAppendWithoutCapacityCheck):
(WTF::Malloc>::appendVector):
(WTF::Malloc>::map const const):
(WTF::Mapper::map):
(WTF::copyToVectorSpecialization):
(WTF::Malloc>::uncheckedAppend): Deleted.
(WTF::Malloc>::uncheckedConstructAndAppend): Deleted.
* Source/WTF/wtf/WeakHashSet.h:
* Source/WTF/wtf/WeakListHashSet.h:
* Source/WTF/wtf/text/WTFString.cpp:
(WTF::String::charactersWithoutNullTermination const):
* Source/WebCore/bindings/js/IDBBindingUtilities.cpp:
(WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath):
* Source/WebCore/css/CSSFontFace.cpp:
(WebCore::CSSFontFace::setUnicodeRange):
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::didAssociateFormControlsTimerFired):
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::setElementsArrayAttribute):
* Source/WebCore/dom/Node.cpp:
(WebCore::Node::convertNodesOrStringsIntoNode):
* Source/WebCore/html/URLSearchParams.cpp:
(WebCore::URLSearchParams::getAll const):
* Source/WebCore/html/parser/AtomHTMLToken.h:
(WebCore::AtomHTMLToken::initializeAttributes):
* Source/WebCore/loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::forEachResource):
* Source/WebCore/rendering/RenderObject.cpp:
(WebCore::absoluteRectsForRangeInText):
(WebCore::RenderObject::absoluteTextRects):

Canonical link:
https://commits.webkit.org/268700@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
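An added illustration of the behaviour change described in the log message above; this is a toy model written for this page, not WebKit's WTF::Vector. It keeps a private unsafeAppendWithoutCapacityCheck() for callers that have already guaranteed capacity (as the commit keeps for map/copyToVector) and makes uncheckedAppend() an alias of the growing append(), so a caller that under-reserves capacity gets a reallocation instead of an out-of-bounds write. The ToyVector class and the appendWithUndersizedReservation() helper are constructed for the example.

```cpp
// Added example, not WebKit code: a toy model of the WTF::Vector change.
#include <cassert>
#include <cstddef>
#include <memory>
#include <utility>

template<typename T>
class ToyVector {
public:
    void reserveInitialCapacity(size_t n) { grow(n); }
    size_t size() const { return m_size; }
    // Checked append: grows the buffer when full, so it is safe for any caller.
    void append(const T& value) {
        if (m_size == m_capacity)
            grow(m_capacity ? m_capacity * 2 : 4);
        unsafeAppendWithoutCapacityCheck(value);
    }
    // After the hardening, uncheckedAppend() is simply an alias of append():
    // a caller that mis-counted its reservation no longer writes past the buffer.
    void uncheckedAppend(const T& value) { append(value); }

private:
    // Kept private for bulk operations (map/copyToVector in the real code) that
    // have already guaranteed capacity; it asserts instead of growing.
    void unsafeAppendWithoutCapacityCheck(const T& value) {
        assert(m_size < m_capacity);
        m_buffer[m_size++] = value;
    }
    void grow(size_t newCapacity) {
        auto newBuffer = std::make_unique<T[]>(newCapacity);
        for (size_t i = 0; i < m_size; ++i)
            newBuffer[i] = std::move(m_buffer[i]);
        m_buffer = std::move(newBuffer);
        m_capacity = newCapacity;
    }
    std::unique_ptr<T[]> m_buffer;
    size_t m_size { 0 };
    size_t m_capacity { 0 };
};

// Caller pattern the commit targets: reserve a count, then uncheckedAppend() each item.
// The reservation is deliberately one short (a constructed bug; itemCount >= 1); with
// the alias the shortfall is absorbed by a reallocation, not an out-of-bounds write.
size_t appendWithUndersizedReservation(size_t itemCount) {
    ToyVector<int> v;
    v.reserveInitialCapacity(itemCount - 1);
    for (size_t i = 0; i < itemCount; ++i)
        v.uncheckedAppend(static_cast<int>(i));
    return v.size();
}
```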