Fixed <rdar://problem/3581092> cash in KJS::Bindings::JSObject::eval at tcvet...
authorrjw <rjw@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Aug 2004 21:17:53 +0000 (21:17 +0000)
committerrjw <rjw@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Aug 2004 21:17:53 +0000 (21:17 +0000)
        Adds bullet proofing to protect against evaluation of bogus JS in all the flavors of bindings (Java, C, and ObjC).

        Reviewed by Chris.

        * bindings/NP_jsobject.cpp:
        (NPN_Evaluate):
        * bindings/jni/jni_jsobject.cpp:
        (JSObject::eval):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject evaluateWebScript:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@7262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JavaScriptCore/ChangeLog
JavaScriptCore/bindings/NP_jsobject.cpp
JavaScriptCore/bindings/jni/jni_jsobject.cpp
JavaScriptCore/bindings/objc/WebScriptObject.mm

index 408f6c12ab84c6b444ca6eacce1abaa637b81ed5..deb0688be8fb25176778fd624323f759b57c4f9b 100644 (file)
@@ -1,3 +1,18 @@
+2004-08-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3581092> cash in KJS::Bindings::JSObject::eval at tcvetantcvetkov.com
+
+        Adds bullet proofing to protect against evaluation of bogus JS in all the flavors of bindings (Java, C, and ObjC).
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (NPN_Evaluate):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::eval):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject evaluateWebScript:]):
+
 2004-08-15  Richard Williamson   <rjw@apple.com>
 
        More updates to np headers.  Implemented new NPN functions.
index 4f09dd4c793cf8b6f5a9edeb955a1e13953ed5aa..87a64802f296e33aeffa6951720a3a78a950f123 100644 (file)
@@ -149,12 +149,24 @@ bool NPN_Evaluate (NPP npp, NPObject *o, NPString *s, NPVariant *variant)
 
         ExecState *exec = obj->root->interpreter()->globalExec();
         Object thisObj = Object(const_cast<ObjectImp*>(obj->imp));
+        Value result;
         
         Interpreter::lock();
         NPUTF16 *scriptString;
         unsigned int UTF16Length;
         convertNPStringToUTF16 (s, &scriptString, &UTF16Length);    // requires free() of returned memory.
-        KJS::Value result = obj->root->interpreter()->evaluate(UString(), 0, UString((const UChar *)scriptString,UTF16Length)).value();
+        Completion completion = obj->root->interpreter()->evaluate(UString(), 0, UString((const UChar *)scriptString,UTF16Length));
+        ComplType type = completion.complType();
+        
+        if (type == Normal) {
+            result = completion.value();
+            if (result.isNull()) {
+                result = Undefined();
+            }
+        }
+        else
+            result = Undefined();
+            
         Interpreter::unlock();
         
         free ((void *)scriptString);
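Review bot: The new `else` branch turns a `Throw` completion into `Undefined()` and drops the exception value, so a caller of NPN_Evaluate cannot distinguish a script that failed from one that legitimately evaluated to undefined; since NPN_Evaluate returns bool (per the hunk header), the non-Normal case should at least report the failure, e.g. `bool ok = (type == Normal);` set next to the branch and returned from the function, or the exception should be recorded on `exec` for the caller to inspect. The same Completion-to-Value block is repeated verbatim in the jni_jsobject.cpp and WebScriptObject.mm hunks; a small shared helper in the bindings (one that takes the `Completion` and returns a `Value`, mapping null and non-Normal completions to `Undefined()`) would keep the three bindings from drifting apart on exactly the error-handling behaviour this commit is fixing. The body of NPN_Evaluate continues outside the hunk, so how `result` is consumed is not visible here.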
index eeadc352667af6ef989a2833c522342eae01b211..a026ee4eb4a8463f2eeb9ccf9f10283deafb41ec 100644 (file)
@@ -197,9 +197,24 @@ jobject JSObject::eval(jstring script) const
     JS_LOG ("script = %s\n", JavaString(script).UTF8String());
 
     Object thisObj = Object(const_cast<ObjectImp*>(_imp));
+    Value result;
+    
     Interpreter::lock();
-    KJS::Value result = _root->interpreter()->evaluate(UString(), 0, JavaString(script).ustring(),thisObj).value();
+
+    Completion completion = _root->interpreter()->evaluate(UString(), 0, JavaString(script).ustring(),thisObj);
+    ComplType type = completion.complType();
+    
+    if (type == Normal) {
+        result = completion.value();
+        if (result.isNull()) {
+            result = Undefined();
+        }
+    }
+    else
+        result = Undefined();
+
     Interpreter::unlock();
+    
     return convertValueToJObject (result);
 }
 
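Review bot: The `Value result;` declaration followed by an `if`/`else` that assigns `Undefined()` on two of three paths is more code than the logic needs and leaves `result` default-constructed (null) across the lock; initialising it up front — `Value result = Undefined();` — lets the block collapse to `if (type == Normal && !completion.value().isNull()) result = completion.value();` with no `else`, which also removes the brace-style mismatch between the braced `if` and the unbraced `else`. The same simplification applies to the NP_jsobject.cpp and WebScriptObject.mm hunks. Several of the added blank lines (`+    ` at the lock, after `ComplType type`, and before `return`) carry trailing whitespace and should be trimmed.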
index 6849730e0191e7df1782abdcd7633f22e260cc24..403a59f122b11190504ee492c03dbf71de5700da 100644 (file)
@@ -170,9 +170,23 @@ static KJS::List listFromNSArray(ExecState *exec, NSArray *array)
 {
     ExecState *exec = _private->root->interpreter()->globalExec();
     Object thisObj = Object(const_cast<ObjectImp*>([self _imp]));
+    Value result;
+    
     Interpreter::lock();
+    
     Value v = convertObjcValueToValue(exec, &script, ObjcObjectType);
-    KJS::Value result = _private->root->interpreter()->evaluate(UString(), 0, v.toString(exec)).value();
+    Completion completion = _private->root->interpreter()->evaluate(UString(), 0, v.toString(exec));
+    ComplType type = completion.complType();
+    
+    if (type == Normal) {
+        result = completion.value();
+        if (result.isNull()) {
+            result = Undefined();
+        }
+    }
+    else
+        result = Undefined();
+
     Interpreter::unlock();
     
     if (exec->hadException()) {
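Review bot: The existing `exec->hadException()` check that follows the new block now runs after a `Throw` completion has already been folded into `Undefined()`, and it is not visible here whether `Interpreter::evaluate` records the thrown value on `exec` or only in the returned `Completion`; if it is only in the Completion, a script that throws will pass that check silently and the ObjC caller sees `undefined` instead of an error. If the intent is to report script errors to the caller, the `else` branch should do so explicitly, e.g. `exec->setException(completion.value());` before `result = Undefined();`, so the check below fires as before. The enclosing method (`-[WebScriptObject evaluateWebScript:]` per the ChangeLog; the hunk header's `listFromNSArray` is only the nearest preceding declaration) starts before and continues past this hunk.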