src/runtime.cc - Issue 144533003: Don't crash in Array.join() if the resulting string exceeds the max string length.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime.cc

Issue 144533003: Don't crash in Array.join() if the resulting string exceeds the max string length. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Add regression test. Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime.cc

diff --git a/src/runtime.cc b/src/runtime.cc

index b3429fa1f54e2849313c3caf749fdd25d548ca84..3e8d57d039900ac11fc0311b9a45ba35045f9f43 100644

--- a/src/runtime.cc

+++ b/src/runtime.cc

@@ -7263,7 +7263,7 @@ static void JoinSparseArrayWithSeparator(FixedArray* elements,

RUNTIME_FUNCTION(MaybeObject*, Runtime_SparseJoinWithSeparator) {

- SealHandleScope shs(isolate);

+ HandleScope scope(isolate);

ASSERT(args.length() == 3);

CONVERT_ARG_CHECKED(JSArray, elements_array, 0);

RUNTIME_ASSERT(elements_array->HasFastSmiOrObjectElements());

@@ -7323,8 +7323,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_SparseJoinWithSeparator) {

}

if (overflow) {

- // Throw OutOfMemory exception for creating too large a string.

- V8::FatalProcessOutOfMemory("Array join result too large.");

+ // Throw an exception if the resulting string is too large. See

+ // https://code.google.com/p/chromium/issues/detail?id=336820

+ // for details.

+ return isolate->Throw(*isolate->factory()->

+ NewRangeError("invalid_string_length",

+ HandleVector<Object>(NULL, 0)));

}

if (is_ascii) {

« no previous file with comments | « src/messages.js ('k') | test/mjsunit/regress/regress-336820.js » ('j') | no next file with comments »