Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1863553003: [elements] Fix length bounds precheck for Array.prototype.concat (Closed)

Created:
4 years, 8 months ago by Camillo Bruni
Modified:
4 years, 8 months ago
Reviewers:
Igor Sheludko
CC:
v8-reviews_googlegroups.com
Base URL:
https://chromium.googlesource.com/v8/v8.git@master
Target Ref:
refs/pending/heads/master
Project:
v8
Visibility:
Public.

Description

[elements] Fix length bounds precheck for Array.prototype.concat BUG=chromium:599414 LOG=n Committed: https://crrev.com/823224f3ee7959dc4731191439dcef2bcb16a043 Cr-Commit-Position: refs/heads/master@{#35269}

Patch Set 1 #

Patch Set 2 : adding test #

Total comments: 5

Patch Set 3 : addressing nits #

Patch Set 4 : compare properly #

Unified diffs Side-by-side diffs Delta from patch set Stats (+21 lines, -13 lines) Patch
M src/builtins.cc View 1 2 3 2 chunks +12 lines, -8 lines 0 comments Download
M src/elements.cc View 1 2 2 chunks +3 lines, -3 lines 0 comments Download
A + test/mjsunit/regress/regress-599414-array-concat-fast-path.js View 1 1 chunk +6 lines, -2 lines 0 comments Download

Messages

Total messages: 10 (4 generated)
Camillo Bruni
PTAL the test runs in 2.5s in debug mode, I guess that is fine.
4 years, 8 months ago (2016-04-05 11:14:43 UTC) #2
Igor Sheludko
lgtm with nits: https://codereview.chromium.org/1863553003/diff/20001/src/builtins.cc File src/builtins.cc (right): https://codereview.chromium.org/1863553003/diff/20001/src/builtins.cc#newcode1561 src/builtins.cc:1561: if (FixedDoubleArray::kMaxLength < result_len) { How ...
4 years, 8 months ago (2016-04-05 12:53:27 UTC) #3
Camillo Bruni
https://codereview.chromium.org/1863553003/diff/20001/src/builtins.cc File src/builtins.cc (right): https://codereview.chromium.org/1863553003/diff/20001/src/builtins.cc#newcode1561 src/builtins.cc:1561: if (FixedDoubleArray::kMaxLength < result_len) { On 2016/04/05 at 12:53:27, ...
4 years, 8 months ago (2016-04-05 15:07:48 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1863553003/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1863553003/60001
4 years, 8 months ago (2016-04-05 15:11:04 UTC) #7
commit-bot: I haz the power
Committed patchset #4 (id:60001)
4 years, 8 months ago (2016-04-05 15:35:17 UTC) #8
commit-bot: I haz the power
4 years, 8 months ago (2016-04-05 15:35:37 UTC) #10
Message was sent while issue was closed. 
Patchset 4 (id:??) landed as
https://crrev.com/823224f3ee7959dc4731191439dcef2bcb16a043
Cr-Commit-Position: refs/heads/master@{#35269}

Powered by Google App Engine
This is Rietveld 408576698