Chromium Code Reviews Chromium Code Reviews
Issue 2452007:
Fix bug that could cause a string to be incorrectly tagged as an array index. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2006-2008 the V8 project authors. All rights reserved. | 1 // Copyright 2006-2008 the V8 project authors. All rights reserved. |
| 2 | 2 |
| 3 // Check that we can traverse very deep stacks of ConsStrings using | 3 // Check that we can traverse very deep stacks of ConsStrings using |
| 4 // StringInputBuffer. Check that Get(int) works on very deep stacks | 4 // StringInputBuffer. Check that Get(int) works on very deep stacks |
| 5 // of ConsStrings. These operations may not be very fast, but they | 5 // of ConsStrings. These operations may not be very fast, but they |
| 6 // should be possible without getting errors due to too deep recursion. | 6 // should be possible without getting errors due to too deep recursion. |
| 7 | 7 |
| 8 #include <stdlib.h> | 8 #include <stdlib.h> |
| 9 | 9 |
| 10 #include "v8.h" | 10 #include "v8.h" |
| (...skipping 415 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 426 " if (non_ascii[i] !=" | 426 " if (non_ascii[i] !=" |
| 427 " (non_ascii[j] + external_non_ascii[i - j])) return 12;" | 427 " (non_ascii[j] + external_non_ascii[i - j])) return 12;" |
| 428 " }" | 428 " }" |
| 429 " }" | 429 " }" |
| 430 " return 0;" | 430 " return 0;" |
| 431 "};" | 431 "};" |
| 432 "test()"; | 432 "test()"; |
| 433 CHECK_EQ(0, | 433 CHECK_EQ(0, |
| 434 v8::Script::Compile(v8::String::New(source))->Run()->Int32Value()); | 434 v8::Script::Compile(v8::String::New(source))->Run()->Int32Value()); |
| 435 } | 435 } |
| 436 | |
| 437 | |
| 438 TEST(CachedHashOverflow) { | |
| 439 // We incorrectly allowed strings to be tagged as array indices even if their | |
|
Søren Thygesen Gjesse
2010/06/02 09:27:03
Maybe open a bug and refer to it here.
| |
| 440 // values didn't fit in the hash field. | |
| 441 ZoneScope zone(DELETE_ON_EXIT); | |
| 442 | |
| 443 InitializeVM(); | |
| 444 v8::HandleScope handle_scope; | |
| 445 // Lines must be executed sequentially. Combining them into one script | |
| 446 // makes the bug go away. | |
| 447 const char* lines[] = { | |
| 448 "var x = [];", | |
| 449 "x[4] = 42;", | |
| 450 "var s = \"1073741828\";", | |
| 451 "x[s];", | |
| 452 "x[s] = 37;", | |
| 453 "x[4];", | |
| 454 "x[s];", | |
| 455 NULL | |
| 456 }; | |
| 457 | |
| 458 Handle<Smi> fortytwo(Smi::FromInt(42)); | |
| 459 Handle<Smi> thirtyseven(Smi::FromInt(37)); | |
| 460 Handle<Object> results[] = { | |
| 461 Factory::undefined_value(), | |
| 462 fortytwo, | |
| 463 Factory::undefined_value(), | |
| 464 Factory::undefined_value(), | |
| 465 thirtyseven, | |
| 466 fortytwo, | |
| 467 thirtyseven // Bug yielded 42 here. | |
| 468 }; | |
| 469 | |
| 470 const char* line; | |
| 471 for (int i = 0; (line = lines[i]); i++) { | |
| 472 printf("%s\n", line); | |
| 473 v8::Local<v8::Value> result = | |
| 474 v8::Script::Compile(v8::String::New(line))->Run(); | |
| 475 ASSERT_EQ(results[i]->IsUndefined(), result->IsUndefined()); | |
| 476 ASSERT_EQ(results[i]->IsNumber(), result->IsNumber()); | |
| 477 if (result->IsNumber()) { | |
| 478 ASSERT_EQ(Smi::cast(results[i]->ToSmi())->value(), | |
| 479 result->ToInt32()->Value()); | |
| 480 } | |
| 481 } | |
| 482 } | |
| OLD | NEW |
