Fixed a crash bug reported by ZodTTD in SourceURL string handling.

author Jay Freeman (saurik) <saurik@saurik.com>

Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)

committer Jay Freeman (saurik) <saurik@saurik.com>

Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)
author Jay Freeman (saurik) <saurik@saurik.com>
Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)
committer Jay Freeman (saurik) <saurik@saurik.com>
Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)
diff --git a/LockScreen.mm b/LockScreen.mm

index bfb5432869561584653d1c168fef3981ec8d0356..4333ce96f35f902a4bffd77514148266f64633b1 100644 (file)
--- a/LockScreen.mm
+++ b/LockScreen.mm
@@ -794,6 +794,7 @@ static void Cycriptify(apr_pool_t *pool, const uint16_t *&data, size_t &size) {
  extern "C" void *_ZN3JSC7UString3Rep14nullBaseStringE __attribute__((__weak_import__));
  extern "C" void *_ZN3JSC7UString3Rep7destroyEv __attribute__((__weak_import__));
  extern "C" void *_ZN3JSC7UStringC1EPKti __attribute__((__weak_import__));
  extern "C" void *_ZN3JSC7UString3Rep14nullBaseStringE __attribute__((__weak_import__));
  extern "C" void *_ZN3JSC7UString3Rep7destroyEv __attribute__((__weak_import__));
  extern "C" void *_ZN3JSC7UStringC1EPKti __attribute__((__weak_import__));
+extern "C" void *_ZN3JSC7UStringC1EPKc __attribute__((__weak_import__));
  extern "C" void *_ZNK3JSC7UString6substrEii __attribute__((__weak_import__));
  extern "C" void *_ZN3WTF10fastMallocEm __attribute__((__weak_import__));
  extern "C" void WTFReportAssertionFailure(const char *, int, const char *, const char *) __attribute__((__weak_import__));
  extern "C" void *_ZNK3JSC7UString6substrEii __attribute__((__weak_import__));
  extern "C" void *_ZN3WTF10fastMallocEm __attribute__((__weak_import__));
  extern "C" void WTFReportAssertionFailure(const char *, int, const char *, const char *) __attribute__((__weak_import__));
@@ -804,6 +805,7 @@ bool CYWeakHell() {
          &_ZN3JSC7UString3Rep14nullBaseStringE == NULL ||
          &_ZN3JSC7UString3Rep7destroyEv == NULL ||
          &_ZN3JSC7UStringC1EPKti == NULL ||
          &_ZN3JSC7UString3Rep14nullBaseStringE == NULL ||
          &_ZN3JSC7UString3Rep7destroyEv == NULL ||
          &_ZN3JSC7UStringC1EPKti == NULL ||
+        &_ZN3JSC7UStringC1EPKc == NULL ||
          &_ZNK3JSC7UString6substrEii == NULL ||
          &_ZN3WTF10fastMallocEm == NULL ||
          &WTFReportAssertionFailure == NULL ||
          &_ZNK3JSC7UString6substrEii == NULL ||
          &_ZN3WTF10fastMallocEm == NULL ||
          &WTFReportAssertionFailure == NULL ||
@@ -816,17 +818,21 @@ MSHook(void, _ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE, JSC::Sourc
          return __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
      else {
          SetParser(false, true);
          return __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
      else {
          SetParser(false, true);
+
          JSC::SourceCode *source(*_this);
          const uint16_t *data(source->data());
          size_t size(source->length());
          JSC::SourceCode *source(*_this);
          const uint16_t *data(source->data());
          size_t size(source->length());
+
          apr_pool_t *pool;
          apr_pool_create(&pool, NULL);
          apr_pool_t *pool;
          apr_pool_create(&pool, NULL);
+
          Cycriptify(pool, data, size);
          Cycriptify(pool, data, size);
-        JSC::SourceCode code(JSC::makeSource(JSC::UString(data, size)));
-        *_this = &code;
-        __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
+        source->~SourceCode();
+        new (source) JSC::SourceCode(JSC::UStringSourceProvider::create(JSC::UString(data, size), "cycript://"), 1);
+
          apr_pool_destroy(pool);
          apr_pool_destroy(pool);
-        *_this = source;
+
+        __ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE(_this, global, line, message);
      }
  }
  
      }
  }
  
@@ -836,10 +842,13 @@ MSHook(void, _ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE, void *_this,
      else {
          const uint16_t *data(code);
          size_t size(length);
      else {
          const uint16_t *data(code);
          size_t size(length);
+
          apr_pool_t *pool;
          apr_pool_create(&pool, NULL);
          apr_pool_t *pool;
          apr_pool_create(&pool, NULL);
+
          Cycriptify(pool, data, size);
          __ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE(_this, start, data, size, source, line, message);
          Cycriptify(pool, data, size);
          __ZN3KJS6Parser5parseEiPKNS_5UCharEjPiS4_PNS_7UStringE(_this, start, data, size, source, line, message);
+
          apr_pool_destroy(pool);
      }
  }
          apr_pool_destroy(pool);
      }
  }
diff --git a/control b/control

index c037282869ddc4c2f3eb2ed07e6ae6a22b45ddb5..353bc85e8da89c12578c7062f49a2b645b0b3ab2 100644 (file)
--- a/control
+++ b/control
@@ -3,7 +3,7 @@ Priority: optional
  Section: Development
  Maintainer: Jay Freeman (saurik) <saurik@saurik.com>
  Architecture: iphoneos-arm
  Section: Development
  Maintainer: Jay Freeman (saurik) <saurik@saurik.com>
  Architecture: iphoneos-arm
-Version: 0.9.3084-1
+Version: 0.9.3085-1
  Description: framework for managing lock screen plugins
  Name: Cydget
  Depends: mobilesubstrate (>= 0.9.2587-1), firmware (>= 2.2), preferenceloader, apr-lib, pcre
  Description: framework for managing lock screen plugins
  Name: Cydget
  Depends: mobilesubstrate (>= 0.9.2587-1), firmware (>= 2.2), preferenceloader, apr-lib, pcre
diff --git a/makefile b/makefile

index 2f4df5d81eeb671419c926be67cbf7d71f585467..0a85f5b3b8ac10bd50ce77cec2e8bf96b546cca1 100644 (file)
--- a/makefile
+++ b/makefile
@@ -15,7 +15,7 @@ CydgetSettings: CydgetSettings.mm makefile
         ldid -S $@
  
  WebCycriptLockScreen: LockScreen.mm makefile $(base)/../mobilesubstrate/substrate.h
         ldid -S $@
  
  WebCycriptLockScreen: LockScreen.mm makefile $(base)/../mobilesubstrate/substrate.h
-       $(target)g++ -F. -bundle -mthumb -g0 -O2 -Wall -Werror -o $@ $(filter %.mm,$^) -lobjc -I$(base)/../mobilesubstrate $(link) $(flags) -framework CoreGraphics -framework QuartzCore -framework SpringBoardUI -framework WebCore -framework GraphicsServices -framework TelephonyUI -I$(jscore) -iquote$(webcore)/{bindings/js,dom,loader,platform{,/animation,/cf,/network{,/cf},/text},/rendering/style} -iquote$(jscore)/{bytecode,debugger,interpreter,jit,parser,runtime} -lapr-1 -weak_reference_mismatches weak -framework JavaScriptCore -lpcre
+       $(target)g++ -F. -bundle -mthumb -g0 -O2 -Wall -Werror -o $@ $(filter %.mm,$^) -lobjc -I$(base)/../mobilesubstrate $(link) $(flags) -framework CoreGraphics -framework QuartzCore -framework SpringBoardUI -framework WebCore -framework GraphicsServices -framework TelephonyUI -I$(jscore) -iquote$(webcore)/{bindings/js,dom,loader,platform{,/animation,/cf,/network{,/cf},/text},/rendering/style} -iquote$(jscore)/{bytecode,debugger,interpreter,jit,parser,runtime} -lapr-1 -weak_reference_mismatches weak -framework JavaScriptCore -lpcre -DNDEBUG
         ldid -S $@
  
  extra:
         ldid -S $@
  
  extra:
author	Jay Freeman (saurik) <saurik@saurik.com>
	Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)
committer	Jay Freeman (saurik) <saurik@saurik.com>
	Mon, 9 Nov 2009 10:42:22 +0000 (10:42 +0000)
LockScreen.mm		patch \| blob \| blame \| history
control		patch \| blob \| blame \| history
makefile		patch \| blob \| blame \| history