Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/d8.cc

Issue 8898021: Fix crash in d8 when external array ctor hits stack overflow (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-100859.js » ('j') | test/mjsunit/regress/regress-crbug-100859.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2011 the V8 project authors. All rights reserved. 1 // Copyright 2011 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after
289 element_size == 8); 289 element_size == 8);
290 if (args.Length() != 1) { 290 if (args.Length() != 1) {
291 return ThrowException( 291 return ThrowException(
292 String::New("Array constructor needs one parameter.")); 292 String::New("Array constructor needs one parameter."));
293 } 293 }
294 static const int kMaxLength = 0x3fffffff; 294 static const int kMaxLength = 0x3fffffff;
295 #ifndef V8_SHARED 295 #ifndef V8_SHARED
296 ASSERT(kMaxLength == i::ExternalArray::kMaxLength); 296 ASSERT(kMaxLength == i::ExternalArray::kMaxLength);
297 #endif // V8_SHARED 297 #endif // V8_SHARED
298 size_t length = 0; 298 size_t length = 0;
299 if (args[0]->IsUint32()) { 299 if (args[0]->IsUint32()) {
Rico 2011/12/13 11:28:39 Below: How about just having a local TryCatch? The
Jakob Kummerow 2011/12/13 13:04:37 Done.
300 length = args[0]->Uint32Value(); 300 length = args[0]->Uint32Value();
301 } else { 301 } else {
302 Local<Number> number = args[0]->ToNumber(); 302 Local<Number> number = args[0]->ToNumber();
303 if (number.IsEmpty() || !number->IsNumber()) { 303 if (number.IsEmpty() || !number->IsNumber()) {
304 i::Isolate* isolate = i::Isolate::Current();
305 if (isolate->try_catch_handler()->HasCaught()) {
306 return isolate->try_catch_handler()->Exception();
307 }
304 return ThrowException(String::New("Array length must be a number.")); 308 return ThrowException(String::New("Array length must be a number."));
305 } 309 }
306 int32_t raw_length = number->ToInt32()->Int32Value(); 310 Local<Int32> int32 = number->ToInt32();
311 if (int32.IsEmpty()) {
312 i::Isolate* isolate = i::Isolate::Current();
313 if (isolate->try_catch_handler()->HasCaught()) {
314 return isolate->try_catch_handler()->Exception();
315 }
316 return ThrowException(String::New("Array length must be a number."));
Rico 2011/12/13 11:28:39 we already established that length is a number, so
Jakob Kummerow 2011/12/13 13:04:37 On second thought, no, we can't. Done.
317 }
318 int32_t raw_length = int32->Int32Value();
307 if (raw_length < 0) { 319 if (raw_length < 0) {
320 i::Isolate* isolate = i::Isolate::Current();
321 if (isolate->try_catch_handler()->HasCaught()) {
322 return isolate->try_catch_handler()->Exception();
323 }
308 return ThrowException(String::New("Array length must not be negative.")); 324 return ThrowException(String::New("Array length must not be negative."));
309 } 325 }
310 if (raw_length > static_cast<int32_t>(kMaxLength)) { 326 if (raw_length > static_cast<int32_t>(kMaxLength)) {
311 return ThrowException( 327 return ThrowException(
312 String::New("Array length exceeds maximum length.")); 328 String::New("Array length exceeds maximum length."));
313 } 329 }
314 length = static_cast<size_t>(raw_length); 330 length = static_cast<size_t>(raw_length);
315 } 331 }
316 if (length > static_cast<size_t>(kMaxLength)) { 332 if (length > static_cast<size_t>(kMaxLength)) {
317 return ThrowException(String::New("Array length exceeds maximum length.")); 333 return ThrowException(String::New("Array length exceeds maximum length."));
(...skipping 1063 matching lines...) Expand 10 before | Expand all | Expand 10 after
1381 } 1397 }
1382 1398
1383 } // namespace v8 1399 } // namespace v8
1384 1400
1385 1401
1386 #ifndef GOOGLE3 1402 #ifndef GOOGLE3
1387 int main(int argc, char* argv[]) { 1403 int main(int argc, char* argv[]) {
1388 return v8::Shell::Main(argc, argv); 1404 return v8::Shell::Main(argc, argv);
1389 } 1405 }
1390 #endif 1406 #endif
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-100859.js » ('j') | test/mjsunit/regress/regress-crbug-100859.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698