src/runtime.cc - Issue 1725002: Port bugfix in revision 4449 to 2.1 branch.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime.cc

Issue 1725002: Port bugfix in revision 4449 to 2.1 branch. (Closed)

Patch Set: Changed minor version too. Created 10 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime.cc

diff --git a/src/runtime.cc b/src/runtime.cc

index 6b89cf174a639902b275d05448d680582b840be3..8ce1118261a0dde97dd49891a5466a496a2aa753 100644

--- a/src/runtime.cc

+++ b/src/runtime.cc

@@ -1705,8 +1705,6 @@ class ReplacementStringBuilder {

void AddSubjectSlice(int from, int to) {

AddSubjectSlice(&array_builder_, from, to);

- // Can we encode the slice in 11 bits for length and 19 bits for

- // start position - as used by StringBuilderConcatHelper?

IncrementCharacterCount(to - from);

}

@@ -5307,7 +5305,7 @@ static Object* Runtime_StringAdd(Arguments args) {

}

-template<typename sinkchar>

+template <typename sinkchar>

static inline void StringBuilderConcatHelper(String* special,

sinkchar* sink,

FixedArray* fixed_array,

@@ -5378,33 +5376,41 @@ static Object* Runtime_StringBuilderConcat(Arguments args) {

bool ascii = special->IsAsciiRepresentation();

int position = 0;

- int increment = 0;

for (int i = 0; i < array_length; i++) {

+ int increment = 0;

Object* elt = fixed_array->get(i);

if (elt->IsSmi()) {

// Smi encoding of position and length.

- int len = Smi::cast(elt)->value();

- if (len > 0) {

+ int smi_value = Smi::cast(elt)->value();

+ int pos;

+ int len;

+ if (smi_value > 0) {

// Position and length encoded in one smi.

- int pos = len >> 11;

- len &= 0x7ff;

- if (pos + len > special_length) {

- return Top::Throw(Heap::illegal_argument_symbol());

- }

- increment = len;

+ pos = StringBuilderSubstringPosition::decode(smi_value);

+ len = StringBuilderSubstringLength::decode(smi_value);

} else {

// Position and length encoded in two smis.

- increment = (-len);

- // Get the position and check that it is also a smi.

+ len = -smi_value;

+ // Get the position and check that it is a positive smi.

i++;

if (i >= array_length) {

return Top::Throw(Heap::illegal_argument_symbol());

}

- Object* pos = fixed_array->get(i);

- if (!pos->IsSmi()) {

+ Object* next_smi = fixed_array->get(i);

+ if (!next_smi->IsSmi()) {

return Top::Throw(Heap::illegal_argument_symbol());

}

+ pos = Smi::cast(next_smi)->value();

+ if (pos < 0) {

+ return Top::Throw(Heap::illegal_argument_symbol());

+ }

+ ASSERT(pos >= 0);

+ ASSERT(len >= 0);

+ if (pos > special_length || len > special_length - pos) {

+ return Top::Throw(Heap::illegal_argument_symbol());

}

+ increment = len;

} else if (elt->IsString()) {

String* element = String::cast(elt);

int element_length = element->length();

« no previous file with comments | « no previous file | src/string.js » ('j') | no next file with comments »