Dynamically generated JSExport protocols added to a class results in a crash

Mark Hahnenberg · Mark Hahnenberg · commit c8ee0765be7d · 2014-02-20T19:40:04.000Z
https://bugs.webkit.org/show_bug.cgi?id=129108 Reviewed by Oliver Hunt. We're not getting any information from the runtime about the types of the methods on these protocols because they didn't exist at compile time. We should handle this gracefully. * API/ObjCCallbackFunction.mm: (objCCallbackFunctionForInvocation): * API/tests/JSExportTests.mm: (+[JSExportTests exportDynamicallyGeneratedProtocolTest]): (runJSExportTests): Canonical link: https://commits.webkit.org/147147@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@164439 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/API/ObjCCallbackFunction.mm b/Source/JavaScriptCore/API/ObjCCallbackFunction.mm
@@ -632,6 +632,9 @@ inline bool skipNumber(const char*& position)
 
 static JSObjectRef objCCallbackFunctionForInvocation(JSContext *context, NSInvocation *invocation, CallbackType type, Class instanceClass, const char* signatureWithObjcClasses)
 {
+    if (!signatureWithObjcClasses)
+        return nil;
+
     const char* position = signatureWithObjcClasses;
 
     OwnPtr<CallbackResult> result = adoptPtr(parseObjCType<ResultTypeDelegate>(position));
diff --git a/Source/JavaScriptCore/API/tests/JSExportTests.mm b/Source/JavaScriptCore/API/tests/JSExportTests.mm
@@ -25,13 +25,17 @@
 
 #import "JSExportTests.h"
 
+#import <objc/runtime.h>
+#import <objc/objc.h>
+
 #if JSC_OBJC_API_ENABLED
 
 extern "C" void checkResult(NSString *description, bool passed);
 
 @interface JSExportTests : NSObject
 + (void) exportInstanceMethodWithIdProtocolTest;
 + (void) exportInstanceMethodWithClassProtocolTest;
++ (void) exportDynamicallyGeneratedProtocolTest;
 @end
 
 @protocol TruthTeller
@@ -100,13 +104,33 @@ + (void) exportInstanceMethodWithClassProtocolTest
     [context evaluateScript:@"makeTestObject().methodWithClassProtocol(opaqueObject);"];
     checkResult(@"Successfully exported instance method", !context.exception);
 }
+
++ (void) exportDynamicallyGeneratedProtocolTest
+{
+    JSContext *context = [[JSContext alloc] init];
+    Protocol *dynProtocol = objc_allocateProtocol("NSStringJSExport");
+    Protocol *jsExportProtocol = @protocol(JSExport);
+    protocol_addProtocol(dynProtocol, jsExportProtocol);
+    Method method = class_getInstanceMethod([NSString class], @selector(boolValue));
+    protocol_addMethodDescription(dynProtocol, @selector(boolValue), method_getTypeEncoding(method), YES, YES);
+    NSLog(@"type encoding = %s", method_getTypeEncoding(method));
+    protocol_addMethodDescription(dynProtocol, @selector(boolValue), "B@:", YES, YES);
+    objc_registerProtocol(dynProtocol);
+    class_addProtocol([NSString class], dynProtocol);
+    
+    context[@"NSString"] = [NSString class];
+    context[@"myString"] = @"YES";
+    JSValue *value = [context evaluateScript:@"myString.boolValue()"];
+    checkResult(@"Dynamically generated JSExport-ed protocols are ignored", [value isUndefined] && !!context.exception);
+}
 @end
 
 void runJSExportTests()
 {
     @autoreleasepool {
         [JSExportTests exportInstanceMethodWithIdProtocolTest];
         [JSExportTests exportInstanceMethodWithClassProtocolTest];
+        [JSExportTests exportDynamicallyGeneratedProtocolTest];
     }
 }
 
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,19 @@
+2014-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
+
+        Dynamically generated JSExport protocols added to a class results in a crash
+        https://bugs.webkit.org/show_bug.cgi?id=129108
+
+        Reviewed by Oliver Hunt.
+
+        We're not getting any information from the runtime about the types of the methods on 
+        these protocols because they didn't exist at compile time. We should handle this gracefully.
+
+        * API/ObjCCallbackFunction.mm:
+        (objCCallbackFunctionForInvocation):
+        * API/tests/JSExportTests.mm:
+        (+[JSExportTests exportDynamicallyGeneratedProtocolTest]):
+        (runJSExportTests):
+
 2014-02-20  Gabor Rapcsanyi  <rgabor@webkit.org>
 
         ASSERTION FAILED: isUInt16() on ARMv7 after r113253.

Original file line number	Diff line number	Diff line change
`@@ -632,6 +632,9 @@ inline bool skipNumber(const char*& position)`
`632`	`632`
`633`	`633`	`static JSObjectRef objCCallbackFunctionForInvocation(JSContext context, NSInvocation invocation, CallbackType type, Class instanceClass, const char* signatureWithObjcClasses)`
`634`	`634`	`{`
	`635`	`+ if (!signatureWithObjcClasses)`
	`636`	`+ return nil;`
	`637`	`+`
`635`	`638`	`const char* position = signatureWithObjcClasses;`
`636`	`639`
`637`	`640`	`OwnPtr<CallbackResult> result = adoptPtr(parseObjCType<ResultTypeDelegate>(position));`