Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(28)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/api.cc

Issue 1157843006: Flatten the Arrays returned and consumed by the v8::Map API (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Reject FromArray args with odd lengths Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « include/v8.h ('k') | src/collection.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index 6ecdb4d4a207a2bcc6308d99773d363252456073..bdea688d38e83fd3a5a31b86af66469e6af4b676 100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -6272,17 +6272,13 @@ Local<Array> Map::AsArray() const {
LOG_API(isolate, "Map::AsArray");
ENTER_V8(isolate);
i::Handle<i::OrderedHashMap> table(i::OrderedHashMap::cast(obj->table()));
- int length = table->NumberOfElements();
+ int size = table->NumberOfElements();
+ int length = size * 2;
jochen (gone - plz use gerrit) 2015/06/03 10:44:51 can this overflow?
adamk 2015/06/03 15:35:30 NumberOfElements is stored in a Smi and is guarant
Jakob Kummerow 2015/06/05 15:05:47 Uhm... I don't follow this reasoning. On 64-bit pl
adamk 2015/06/05 17:42:20 Sorry, my reason was indeed bogus (I must have bee
i::Handle<i::FixedArray> result = factory->NewFixedArray(length);
- for (int i = 0; i < length; ++i) {
+ for (int i = 0; i < size; ++i) {
if (table->KeyAt(i)->IsTheHole()) continue;
- i::HandleScope handle_scope(isolate);
- i::Handle<i::FixedArray> entry = factory->NewFixedArray(2);
- entry->set(0, table->KeyAt(i));
- entry->set(1, table->ValueAt(i));
- i::Handle<i::JSArray> entry_array =
- factory->NewJSArrayWithElements(entry, i::FAST_ELEMENTS, 2);
- result->set(i, *entry_array);
+ result->set(i * 2, table->KeyAt(i));
+ result->set(i * 2 + 1, table->ValueAt(i));
}
i::Handle<i::JSArray> result_array =
factory->NewJSArrayWithElements(result, i::FAST_ELEMENTS, length);
@@ -6292,6 +6288,9 @@ Local<Array> Map::AsArray() const {
MaybeLocal<Map> Map::FromArray(Local<Context> context, Local<Array> array) {
PREPARE_FOR_EXECUTION(context, "Map::FromArray", Map);
+ if (array->Length() % 2 != 0) {
+ return MaybeLocal<Map>();
+ }
i::Handle<i::Object> result;
i::Handle<i::Object> argv[] = {Utils::OpenHandle(*array)};
has_pending_exception =
« no previous file with comments | « include/v8.h ('k') | src/collection.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698