Wed, 03 Jun 2015 10:42:06 +0200
8066220: Fuzzing bug: MethodHandle bug (Object,Object) != (boolean)Object
Reviewed-by: lagergren, attila, sundar
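--- a/src/jdk/nashorn/internal/runtime/CompiledFunction.java
+++ b/src/jdk/nashorn/internal/runtime/CompiledFunction.java
@@ -528,8 +528,9 @@
 
         final int fnParamCountNoCallee = fnParamCount - thisThisIndex;
         final int minParams = Math.min(csParamCount - 1, fnParamCountNoCallee); // callSiteType always has callee, so subtract 1
-        // We must match all incoming parameters, except "this". Starting from 1 to skip "this".
-        for(int i = 1; i < minParams; ++i) {
+        // We must match all incoming parameters, including "this". "this" will usually be Object, but there
+        // are exceptions, e.g. when calling functions with primitive "this" in strict mode or through call/apply.
+        for(int i = 0; i < minParams; ++i) {
             final Type fnType = Type.typeFor(type.parameterType(i + thisThisIndex));
             final Type csType = csIsVarArg ? Type.OBJECT : Type.typeFor(other.parameterType(i + 1));
             if(!fnType.isEquivalentTo(csType)) {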
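Review bot: The new comment explains why "this" is now checked but leaves the two index offsets in the loop body unexplained, so a reader of `type.parameterType(i + thisThisIndex)` paired with `other.parameterType(i + 1)` has to reconstruct from `fnParamCountNoCallee = fnParamCount - thisThisIndex` that `thisThisIndex` is presumably the position of "this" in the function type (shifted by a leading callee when present) while the call-site type always carries a callee at index 0, as the `minParams` comment states. A one-line comment above the loop, e.g. `// i indexes parameters relative to "this": the callee offset is thisThisIndex in the function type and always 1 in the call-site type`, would make the pairing explicit. Note that with `csIsVarArg` every `csType` is forced to `Type.OBJECT`, so a function typed with a primitive "this" will now fail `isEquivalentTo` at i == 0 where it previously was not compared at all; whether that is the intended outcome cannot be confirmed here because the enclosing method starts and ends outside the hunk.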
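--- /dev/null
+++ b/test/script/basic/JDK-8066220.js
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8066220: Fuzzing bug: MethodHandle bug (Object,Object) != (boolean)Object
+ *
+ * @test
+ * @run
+ */
+
+
+function f() {}
+// Call f with primitive this first, then as constructor
+f.call(1);
+new f();
+
+// Same as above in strict mode
+eval('"use strict"; function e() { print(typeof this); } e.call(1); new e();');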
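Review bot: The non-strict half of the test, `f.call(1); new f();`, produces no output, so the EXPECTED file only pins the strict-mode case and the first half passes as long as nothing throws. That is adequate for a crash regression, but it does not record what "this" actually was when the function body ran with a primitive receiver. Printing the receiver type in `f` as well, `function f() { print(typeof this); }`, with the two extra lines added to the EXPECTED file (presumably `object` twice, since sloppy mode boxes a primitive "this"), would make the non-strict behavior observable in the same way as the strict case.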
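--- /dev/null
+++ b/test/script/basic/JDK-8066220.js.EXPECTED
@@ -0,0 +1,2 @@
+number
+object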