Add more overflow check book-keeping for MarkedArgumentBuffer.
author: mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Nov 2017 22:58:04 +0000 (22:58 +0000)
committer: mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Nov 2017 22:58:04 +0000 (22:58 +0000)
commit: 61b293b1212bd240d4191443d153aab8daadca43
tree: f2f82d4dd466611249b217104800301acc04554b
parent: abfb7a3322ddbeec492bc4183ac416626f900dbc
Add more overflow check book-keeping for MarkedArgumentBuffer.
https://bugs.webkit.org/show_bug.cgi?id=179634
<rdar://problem/35492517>

Reviewed by Saam Barati.

JSTests:

* stress/regress-179634.js: Added.

Source/JavaScriptCore:

* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::overflowCheckNotNeeded):
* runtime/JSJob.cpp:
(JSC::JSJobMicrotask::run):
* runtime/ObjectConstructor.cpp:
(JSC::defineProperties):
* runtime/ReflectObject.cpp:
(JSC::reflectObjectConstruct):

Source/WebKit:

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::construct):
(WebKit::NPJSObject::invoke):

Source/WebKitLegacy/mac:

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::invoke):
(WebKit::NetscapePluginInstanceProxy::invokeDefault):
(WebKit::NetscapePluginInstanceProxy::construct):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224784 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/regress-179634.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ArgList.h
Source/JavaScriptCore/runtime/JSJob.cpp
Source/JavaScriptCore/runtime/ObjectConstructor.cpp
Source/JavaScriptCore/runtime/ReflectObject.cpp
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/Plugins/Netscape/NPJSObject.cpp
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm
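The commit touches a function named overflowCheckNotNeeded() on MarkedArgumentBuffer and sprinkles calls to it across call sites that build argument lists with a fixed, small number of entries. The example below is an added illustration of that book-keeping pattern in plain C++; it is not WebKit's code and the class, cap, counter and caller names (ArgumentBuffer, kMaxArguments, uncheckedOverflowDestructions, forwardScriptArguments, runTwoArgumentJob, forgetfulCaller) are assumptions. The idea it shows: every append puts the caller on the hook to either consume the overflow flag via hasOverflowed() or state explicitly, via overflowCheckNotNeeded(), that the count is bounded by construction; a buffer destroyed while that obligation is still open is a bug, which a debug build would ASSERT on and which this example counts so it can be tested.

```cpp
// Added example (not WebKit's code): a bounded argument buffer with
// destructor-time book-keeping that catches callers who never checked
// for overflow. Names and the cap are assumptions for illustration.
#include <cstddef>
#include <cstdint>
#include <vector>

namespace example {

// Hypothetical hard cap on argument count; the real engine's limit differs.
constexpr size_t kMaxArguments = 64;

// Buffers destroyed while the caller still owed an overflow check.
// A debug build would ASSERT instead; counting keeps the behaviour testable.
inline int& uncheckedOverflowDestructions() {
    static int count = 0;
    return count;
}

class ArgumentBuffer {
public:
    ArgumentBuffer() = default;
    ArgumentBuffer(const ArgumentBuffer&) = delete;
    ArgumentBuffer& operator=(const ArgumentBuffer&) = delete;

    ~ArgumentBuffer() {
        // Book-keeping: appended, but neither hasOverflowed() nor
        // overflowCheckNotNeeded() was called. That is a caller bug.
        if (m_needsOverflowCheck)
            ++uncheckedOverflowDestructions();
    }

    void append(int64_t value) {
        m_needsOverflowCheck = true;          // caller now owes a check
        if (m_overflowed)
            return;                           // stay overflowed, drop value
        if (m_values.size() >= kMaxArguments) {
            m_overflowed = true;              // refuse rather than grow unbounded
            return;
        }
        m_values.push_back(value);
    }

    // Normal path: consuming the flag discharges the obligation.
    bool hasOverflowed() {
        m_needsOverflowCheck = false;
        return m_overflowed;
    }

    // For call sites that append a small, fixed number of arguments the
    // check is provably unnecessary; the caller must say so explicitly.
    void overflowCheckNotNeeded() { m_needsOverflowCheck = false; }

    size_t size() const { return m_values.size(); }

private:
    std::vector<int64_t> m_values;
    bool m_overflowed = false;
    bool m_needsOverflowCheck = false;
};

// Caller shaped like Reflect.construct: the argument count comes from
// script, so the flag must be checked before the buffer is used.
// Returns the number of arguments forwarded, or -1 on overflow.
inline long forwardScriptArguments(size_t argCountFromScript) {
    ArgumentBuffer args;
    for (size_t i = 0; i < argCountFromScript; ++i)
        args.append(static_cast<int64_t>(i));
    if (args.hasOverflowed())
        return -1;                            // an engine would throw here
    return static_cast<long>(args.size());
}

// Caller shaped like a microtask runner that always passes exactly two
// arguments: bounded by construction, so it opts out explicitly.
inline long runTwoArgumentJob(int64_t a, int64_t b) {
    ArgumentBuffer args;
    args.append(a);
    args.append(b);
    args.overflowCheckNotNeeded();
    return static_cast<long>(args.size());
}

// The bug the book-keeping exists to catch: appends, never checks.
// Returns how many unchecked destructions this call produced (0 or 1).
inline int forgetfulCaller(size_t argCountFromScript) {
    int before = uncheckedOverflowDestructions();
    {
        ArgumentBuffer args;
        for (size_t i = 0; i < argCountFromScript; ++i)
            args.append(static_cast<int64_t>(i));
        // no hasOverflowed(), no overflowCheckNotNeeded()
    }
    return uncheckedOverflowDestructions() - before;
}

} // namespace example
```

The security-relevant split is between forwardScriptArguments, where the count is attacker-influenced and must be checked, and runTwoArgumentJob, where the count is a constant and the explicit opt-out documents that fact at the call site; forgetfulCaller is what the destructor book-keeping flags, and it is exactly the kind of omission an ASSERT in a debug build surfaces before it reaches a release.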