Side by Side Diff: test/cctest/test-api.cc

Issue 2876046: Prevent invalid pre-parsing data passed in through the API from crashing V8. (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: '' Created 10 years, 5 months ago
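--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -1,10 +1,10 @@
 // Copyright 2007-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -8550,20 +8550,57 @@
 const char* data = "DONT CARE";
 int invalid_size = 3;
 v8::ScriptData* sd = v8::ScriptData::New(data, invalid_size);
 
 CHECK_EQ(0, sd->Length());
 
 delete sd;
 }
 
 
+// Attempts to deserialize bad data.
+TEST(PreCompileInvalidPreparseDataError) {
+v8::V8::Initialize();
+v8::HandleScope scope;
+LocalContext context;
+
+const char* script = "function foo(){ return 5;}\n"
+"function bar(){ return 6 + 7;} foo();";
+v8::ScriptData* sd =
+v8::ScriptData::PreCompile(script, i::StrLength(script));
+CHECK(!sd->HasError());
+// ScriptDataImpl private implementation details
+const int kUnsignedSize = sizeof(unsigned);
+const int kHeaderSize = 4;
+const int kFunctionEntrySize = 4;
+const int kFunctionEntryStartOffset = 0;
+const int kFunctionEntryEndOffset = 1;
+unsigned* sd_data =
+reinterpret_cast<unsigned*>(const_cast<char*>(sd->Data()));
+CHECK_EQ(sd->Length(),
+(kHeaderSize + 2 * kFunctionEntrySize) * kUnsignedSize);
+
+// Overwrite function bar's end position with 0.
+sd_data[kHeaderSize + 1 * kFunctionEntrySize + kFunctionEntryEndOffset] = 0;
+Local<String> source = String::New(script);
+Local<Script> compiled_script = Script::New(source, NULL, sd);
+
+// Overwrite function bar's start position with 200. The function entry
+// will not be found when searching for it by position.
+sd_data[kHeaderSize + 1 * kFunctionEntrySize + kFunctionEntryStartOffset] =
+200;
+compiled_script = Script::New(source, NULL, sd);
+
+delete sd;
+}
+
+
 // Verifies that the Handle<String> and const char* versions of the API produce
 // the same results (at least for one trivial case).
 TEST(PreCompileAPIVariationsAreSame) {
 v8::V8::Initialize();
 v8::HandleScope scope;
 
 const char* cstring = "function foo(a) { return a+1; }";
 v8::ScriptData* sd_from_cstring =
 v8::ScriptData::PreCompile(cstring, i::StrLength(cstring));
 
@@ -11064,10 +11101,10 @@
 
 ExpectString("str2.substring(2, 10);", "elspenda");
 
 ExpectString("str2.substring(2, 20);", "elspendabelabelspe");
 
 ExpectString("str2.charAt(2);", "e");
 
 reresult = CompileRun("str2.charCodeAt(2);");
 CHECK_EQ(static_cast<int32_t>('e'), reresult->Int32Value());
 }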
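Review bot: Neither call to `Script::New(source, NULL, sd)` in the new PreCompileInvalidPreparseDataError test checks its result, so the test only proves that the corrupted function entry does not crash the parser; it would still pass if the parser silently accepted the bad entry and produced wrong code. Whichever outcome the parser change intends (src/parser.cc is not visible here), pin it after each call, e.g. `CHECK(!compiled_script.IsEmpty());` if compilation is expected to fall back to a full parse, or `CHECK(sd->HasError());` if the corruption is meant to be detected and flagged on the ScriptData. Note also that the second write leaves bar's entry with start 200 and end 0, an end before its start, on top of the out-of-range start the comment describes; a short comment saying an inverted range is also being exercised would make the intent explicit. The constants kHeaderSize and kFunctionEntrySize mirror private ScriptDataImpl layout; the CHECK_EQ on sd->Length() guards the total size but not the field order, so a comment pointing at the definition they must stay in sync with would help the next maintainer.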