From 30662b5d64ff633f57d89290da2a85507d561187 Mon Sep 17 00:00:00 2001
From: Chris Adams
Date: Thu, 9 Aug 2012 14:34:58 +1000
Subject: [PATCH] Only read symbol_id for strings which are known to be symbols

Ensures that uninitialised symbol_id is not dereferenced if the string is created on the stack via code generators instead of on the heap.

Task-number: QTBUG-23126
Change-Id: I083586ad46796e70b0246413742d326c60f379e5
Reviewed-by: Peter Varga
---
 src/3rdparty/v8/src/api.cc | 2 +-
 src/3rdparty/v8/src/heap-inl.h | 2 --
 src/3rdparty/v8/src/heap.cc | 2 --
 3 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/3rdparty/v8/src/api.cc b/src/3rdparty/v8/src/api.cc
index 1becc61..70d0a8a 100644
--- a/src/3rdparty/v8/src/api.cc
+++ b/src/3rdparty/v8/src/api.cc
@@ -3911,7 +3911,7 @@ String::CompleteHashData String::CompleteHash() const {
   CompleteHashData result;
   result.length = str->length();
   result.hash = str->Hash();
-  if (str->IsSeqString())
+  if (str->IsSeqAsciiString() && str->IsSymbol())
     result.symbol_id = i::SeqString::cast(*str)->symbol_id();
   return result;
 }
diff --git a/src/3rdparty/v8/src/heap-inl.h b/src/3rdparty/v8/src/heap-inl.h
index 3e036b6..d1f66a8 100644
--- a/src/3rdparty/v8/src/heap-inl.h
+++ b/src/3rdparty/v8/src/heap-inl.h
@@ -127,7 +127,6 @@ MaybeObject* Heap::AllocateAsciiSymbol(Vector str,
   String* answer = String::cast(result);
   answer->set_length(str.length());
   answer->set_hash_field(hash_field);
-  SeqString::cast(answer)->set_symbol_id(0);
 
   ASSERT_EQ(size, answer->Size());
 
@@ -161,7 +160,6 @@ MaybeObject* Heap::AllocateTwoByteSymbol(Vector str,
   String* answer = String::cast(result);
   answer->set_length(str.length());
   answer->set_hash_field(hash_field);
-  SeqString::cast(answer)->set_symbol_id(0);
 
   ASSERT_EQ(size, answer->Size());
 
diff --git a/src/3rdparty/v8/src/heap.cc b/src/3rdparty/v8/src/heap.cc
index 933cec6..f678517 100644
--- a/src/3rdparty/v8/src/heap.cc
+++ b/src/3rdparty/v8/src/heap.cc
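Review bot: On the false branch of the new condition `result.symbol_id` is never assigned, so unless `CompleteHashData` value-initialises its members (its definition is not in this patch) a caller that reads `symbol_id` for a non-symbol or two-byte string still gets an indeterminate value; writing `CompleteHashData result = CompleteHashData();` or adding `result.symbol_id = 0;` right after the declaration would make the "not a symbol" case well-defined instead of merely less likely to be hit. The narrowing from `IsSeqString()` to `IsSeqAsciiString()` also stops reporting `symbol_id` for sequential two-byte symbols, which the commit message does not mention; if that is intended, a comment on the condition such as `// symbol_id is only tracked for sequential ASCII symbols` would save the next reader a search. Note too that the heap-inl.h hunks in this same patch drop the `set_symbol_id(0)` zeroing from both symbol allocators, so this read now relies on `symbol_id` being assigned somewhere else on the symbol path before `CompleteHash` runs — presumably it is, but that is not visible here. The start of `String::CompleteHash`, where `str` is bound, lies before the hunk.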
@@ -4490,7 +4490,6 @@ MaybeObject* Heap::AllocateRawAsciiString(int length, PretenureFlag pretenure) {
   HeapObject::cast(result)->set_map_no_write_barrier(ascii_string_map());
   String::cast(result)->set_length(length);
   String::cast(result)->set_hash_field(String::kEmptyHashField);
-  SeqString::cast(result)->set_symbol_id(0);
   ASSERT_EQ(size, HeapObject::cast(result)->Size());
   return result;
 }
@@ -4527,7 +4526,6 @@ MaybeObject* Heap::AllocateRawTwoByteString(int length,
   HeapObject::cast(result)->set_map_no_write_barrier(string_map());
   String::cast(result)->set_length(length);
   String::cast(result)->set_hash_field(String::kEmptyHashField);
-  SeqString::cast(result)->set_symbol_id(0);
   ASSERT_EQ(size, HeapObject::cast(result)->Size());
   return result;
 }
-- 
2.7.4