From 2b5e0f90112fe85872894fb16e811203d4d3671f Mon Sep 17 00:00:00 2001 From: Ulf Hermann Date: Mon, 17 Feb 2020 15:30:54 +0100 Subject: V4: Fix mark stack overruns Instead of applying a heuristic on when to call drain() in unrelated code, we check the stack limit on each push(). If the soft limit is reached we try to drain. As drain() itself can push again, we try to limit the stack size by allowing at most 65 recursions of drain(). If none of that helps, we crash with a meaningful error message. This allows us to remove all the hacky drain() calls in other parts of the code. Change-Id: Ib979339470da0e85981de8131e7997755b757c71 Reviewed-by: Simon Hausmann --- src/qml/jsruntime/qv4value_p.h | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) (limited to 'src/qml/jsruntime/qv4value_p.h') diff --git a/src/qml/jsruntime/qv4value_p.h b/src/qml/jsruntime/qv4value_p.h index ae12033eb4..42e97b1d36 100644 --- a/src/qml/jsruntime/qv4value_p.h +++ b/src/qml/jsruntime/qv4value_p.h @@ -537,29 +537,8 @@ struct ValueArray { } void mark(MarkStack *markStack) { - Value *v = values; - const Value *end = v + alloc; - if (alloc > 32*1024) { - // drain from time to time to avoid overflows in the js stack - Value::HeapBasePtr *currentBase = markStack->top; - while (v < end) { - v->mark(markStack); - ++v; - if (markStack->top >= currentBase + 32*1024) { - Value::HeapBasePtr *oldBase = markStack->base; - markStack->base = currentBase; - markStack->drain(); - markStack->base = oldBase; - } - } - } else { - while (v < end) { - v->mark(markStack); - if (markStack->top >= markStack->limit) - markStack->drain(); - ++v; - } - } + for (Value *v = values, *end = values + alloc; v < end; ++v) + v->mark(markStack); } }; -- cgit v1.2.3