
Side by Side Diff: src/elements.cc

Issue 2219803002: [keys] Throw a range error if the number of keys overflow FixedArray::kMaxLength (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: formatting Created 4 years, 4 months ago
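--- a/src/elements.cc
+++ b/src/elements.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/elements.h"
 
 #include "src/arguments.h"
 #include "src/conversions.h"
 #include "src/factory.h"
 #include "src/isolate-inl.h"
@@ -1023,38 +1023,42 @@
 } else {
 list->set(insertion_index, Smi::FromInt(i), SKIP_WRITE_BARRIER);
 }
 insertion_index++;
 }
 }
 *nof_indices = insertion_index;
 return list;
 }
 
-Handle<FixedArray> PrependElementIndices(Handle<JSObject> object,
-Handle<FixedArrayBase> backing_store,
-Handle<FixedArray> keys,
-GetKeysConversion convert,
-PropertyFilter filter) final {
+MaybeHandle<FixedArray> PrependElementIndices(
+Handle<JSObject> object, Handle<FixedArrayBase> backing_store,
+Handle<FixedArray> keys, GetKeysConversion convert,
+PropertyFilter filter) final {
 return Subclass::PrependElementIndicesImpl(object, backing_store, keys,
 convert, filter);
 }
 
-static Handle<FixedArray> PrependElementIndicesImpl(
+static MaybeHandle<FixedArray> PrependElementIndicesImpl(
 Handle<JSObject> object, Handle<FixedArrayBase> backing_store,
 Handle<FixedArray> keys, GetKeysConversion convert,
 PropertyFilter filter) {
 Isolate* isolate = object->GetIsolate();
 uint32_t nof_property_keys = keys->length();
 uint32_t initial_list_length =
 Subclass::GetMaxNumberOfEntries(*object, *backing_store);
 initial_list_length += nof_property_keys;
+if (initial_list_length > FixedArray::kMaxLength ||
+initial_list_length < nof_property_keys) {
+return isolate->Throw<FixedArray>(isolate->factory()->NewRangeError(
+MessageTemplate::kInvalidArrayLength));
+}
 
 bool needs_sorting =
 IsDictionaryElementsKind(kind()) || IsSloppyArgumentsElements(kind());
 
 // Collect the element indices into a new list.
 uint32_t nof_indices = 0;
 Handle<FixedArray> combined_keys =
 isolate->factory()->NewFixedArray(initial_list_length);
 combined_keys = Subclass::DirectCollectElementIndicesImpl(
 isolate, object, backing_store,
@@ -3465,10 +3469,10 @@
 insertion_index += len;
 }
 
 DCHECK_EQ(insertion_index, result_len);
 return result_array;
 }
 
 ElementsAccessor** ElementsAccessor::elements_accessors_ = NULL;
 } // namespace internal
 } // namespace v8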
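Review bot: The new range check in PrependElementIndicesImpl has two clauses whose purpose is not stated, and the second one (`initial_list_length < nof_property_keys`) is only correct because both operands are `uint32_t` and the preceding addition wraps instead of being undefined. A comment above the `if` would keep a later refactor from dropping that clause or changing the types, for example `// The uint32_t sum may wrap; a wrapped sum is smaller than either addend, so test for that as well as for kMaxLength.` The return type of PrependElementIndices and PrependElementIndicesImpl becomes `MaybeHandle<FixedArray>`, so every caller has to handle the empty handle left by the throw before using the result; those callers are outside this file section (src/keys.cc, named in the page navigation, is presumably one of them). The body of PrependElementIndicesImpl continues past the end of the hunk, so whether later code recomputes the length without the same bound cannot be judged from here.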