|
Fix array allocation overflow check on arm/arm64/mips.
When adding an object size in bytes to the allocation top address,
we must check for *unsigned* overflow, not signed overflow. 32-bit example:
if top is 0xfffff000 and size is 0x1008, then top + size is an unsigned,
but not a signed, overflow.
Add similar unit test for typed data (same issue).
BUG= 23254
R=regis@google.com
Committed: https://code.google.com/p/dart/source/detail?r=45354
Total comments: 11
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+86 lines, -23 lines) |
Patch |
|
M |
runtime/tests/vm/vm.status
|
View
|
1
2
3
4
5
6
7
|
1 chunk |
+0 lines, -1 line |
0 comments
|
Download
|
|
M |
runtime/vm/assembler_arm.cc
|
View
|
1
2
3
4
5
6
7
|
2 chunks |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
runtime/vm/assembler_arm64.cc
|
View
|
1
2
3
4
5
6
7
|
2 chunks |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
runtime/vm/assembler_mips.cc
|
View
|
1
2
3
4
5
6
7
|
2 chunks |
+4 lines, -2 lines |
0 comments
|
Download
|
|
M |
runtime/vm/intrinsifier_arm.cc
|
View
|
1
2
3
4
5
6
7
|
3 chunks |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
runtime/vm/intrinsifier_arm64.cc
|
View
|
1
2
3
4
5
6
7
|
3 chunks |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
runtime/vm/intrinsifier_mips.cc
|
View
|
1
2
3
4
5
6
7
|
3 chunks |
+6 lines, -4 lines |
0 comments
|
Download
|
|
M |
runtime/vm/object_test.cc
|
View
|
1
2
3
4
5
6
7
|
1 chunk |
+54 lines, -0 lines |
0 comments
|
Download
|
|
M |
runtime/vm/stub_code_arm.cc
|
View
|
1
2
3
4
5
6
7
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
M |
runtime/vm/stub_code_arm64.cc
|
View
|
1
2
3
4
5
6
7
|
1 chunk |
+3 lines, -1 line |
0 comments
|
Download
|
|
M |
runtime/vm/stub_code_mips.cc
|
View
|
1
2
3
4
5
6
7
|
1 chunk |
+2 lines, -2 lines |
0 comments
|
Download
|
Total messages: 11 (2 generated)
|