
Unified Diff: src/string-builder.cc

Issue 1191263002: Protect error message formatter against invalid string length. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 6 months ago
Index: src/string-builder.cc
diff --git a/src/string-builder.cc b/src/string-builder.cc
index c7488abb9513a29727f7e0877684343b03bbecad..7c46e0d523e41560ae633577850c2369b93bb608 100644
--- a/src/string-builder.cc
+++ b/src/string-builder.cc
@@ -55,25 +55,23 @@ IncrementalStringBuilder::IncrementalStringBuilder(Isolate* isolate)
}
-void IncrementalStringBuilder::Accumulate() {
- // Only accumulate fully written strings. Shrink first if necessary.
- DCHECK_EQ(current_index_, current_part()->length());
+void IncrementalStringBuilder::Accumulate(Handle<String> new_part) {
Handle<String> new_accumulator;
- if (accumulator()->length() + current_part()->length() > String::kMaxLength) {
+ if (accumulator()->length() + new_part->length() > String::kMaxLength) {
// Set the flag and carry on. Delay throwing the exception till the end.
new_accumulator = factory()->empty_string();
overflowed_ = true;
} else {
- new_accumulator = factory()
- ->NewConsString(accumulator(), current_part())
- .ToHandleChecked();
+ new_accumulator =
+ factory()->NewConsString(accumulator(), new_part).ToHandleChecked();
}
set_accumulator(new_accumulator);
}
void IncrementalStringBuilder::Extend() {
- Accumulate();
+ DCHECK_EQ(current_index_, current_part()->length());
+ Accumulate(current_part());
if (part_length_ <= kMaxPartLength / kPartLengthGrowthFactor) {
part_length_ *= kPartLengthGrowthFactor;
}
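Review bot: Once `overflowed_` is set, `Accumulate` resets the accumulator to the empty string, and every later call resumes building cons strings that `Finish()` will discard when it throws. If the caller keeps appending large input after the first overflow, that work is wasted and the length check can trip again. An early `if (overflowed_) return;` at the top of `Accumulate` would avoid this, assuming nothing reads the accumulator between the overflow and `Finish()`. The rest of `Extend()` lies outside this hunk.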
@@ -91,7 +89,7 @@ void IncrementalStringBuilder::Extend() {
MaybeHandle<String> IncrementalStringBuilder::Finish() {
ShrinkCurrentPart();
- Accumulate();
+ Accumulate(current_part());
if (overflowed_) {
THROW_NEW_ERROR(isolate_, NewInvalidStringLengthError(), String);
}
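Review bot: `Finish()` now hands `current_part()` to `Accumulate` without the fully-written check, because the commit moved `DCHECK_EQ(current_index_, current_part()->length())` out of `Accumulate` and into `Extend()` only. The old placement covered both callers. Repeating the assertion here right after `ShrinkCurrentPart()` would keep debug builds checking that the part attached at the end has no unwritten tail: `DCHECK_EQ(current_index_, current_part()->length());`. The remainder of `Finish()` is outside the hunk.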
@@ -103,9 +101,7 @@ void IncrementalStringBuilder::AppendString(Handle<String> string) {
ShrinkCurrentPart();
part_length_ = kInitialPartLength; // Allocate conservatively.
Extend(); // Attach current part and allocate new part.
- Handle<String> concat =
- factory()->NewConsString(accumulator(), string).ToHandleChecked();
- set_accumulator(concat);
+ Accumulate(string);
}
} // namespace internal
} // namespace v8
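Review bot: The new `Accumulate(string);` call carries no comment explaining why `AppendString` must not concatenate directly, which is the whole point of the fix. The removed lines called `NewConsString(...).ToHandleChecked()` with no length check, so a combined length above `String::kMaxLength` would hit the checked unwrap instead of setting `overflowed_`. A one-line comment would stop a later cleanup from inlining the concatenation again, for example `// Use Accumulate() so an over-long result sets overflowed_ rather than failing ToHandleChecked().`. The opening lines of `AppendString` are outside the hunk.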