
Unified Diff: runtime/bin/dartutils.cc

Issue 23532048: Checks for valid CObject lengths in native API. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Addressed comments. Created 7 years, 3 months ago
Index: runtime/bin/dartutils.cc
diff --git a/runtime/bin/dartutils.cc b/runtime/bin/dartutils.cc
index a2fdf9d41eaa02300ea89395139c32191a8342dd..94ca09e9bd9eb98d44911bb105ff5fb101759ccd 100644
--- a/runtime/bin/dartutils.cc
+++ b/runtime/bin/dartutils.cc
@@ -918,7 +918,7 @@ Dart_CObject* CObject::NewDouble(double value) {
}
-Dart_CObject* CObject::NewString(int length) {
+Dart_CObject* CObject::NewString(intptr_t length) {
Dart_CObject* cobject = New(Dart_CObject_kString, length + 1);
cobject->value.as_string = reinterpret_cast<char*>(cobject + 1);
return cobject;
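Review bot: Widening `length` to `intptr_t` does not bound it, so in NewString `length + 1` can overflow at `kIntptrMax` and a negative length reaches `New` unchecked. The same unchecked size arithmetic is in NewArray, where `length * sizeof(Dart_CObject*)` can wrap for a large or negative count and leave `as_array.length` larger than the allocation, and in NewUint8Array. `New` is defined outside these hunks, so assuming it allocates exactly the size it is given, each constructor should reject out-of-range lengths before computing the size, e.g. in NewArray `if (length < 0 || length > kIntptrMax / static_cast<intptr_t>(sizeof(Dart_CObject*))) return NULL;`. A comment on each function stating the accepted range and the failure result would also help callers; NewString's closing brace lies outside this hunk.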
@@ -933,7 +933,7 @@ Dart_CObject* CObject::NewString(const char* str) {
}
-Dart_CObject* CObject::NewArray(int length) {
+Dart_CObject* CObject::NewArray(intptr_t length) {
Dart_CObject* cobject =
New(Dart_CObject_kArray, length * sizeof(Dart_CObject*)); // NOLINT
cobject->value.as_array.length = length;
@@ -943,7 +943,7 @@ Dart_CObject* CObject::NewArray(int length) {
}
-Dart_CObject* CObject::NewUint8Array(int length) {
+Dart_CObject* CObject::NewUint8Array(intptr_t length) {
Dart_CObject* cobject = New(Dart_CObject_kTypedData, length);
cobject->value.as_typed_data.type = Dart_TypedData_kUint8;
cobject->value.as_typed_data.length = length;
@@ -953,7 +953,7 @@ Dart_CObject* CObject::NewUint8Array(int length) {
Dart_CObject* CObject::NewExternalUint8Array(
- int64_t length, uint8_t* data, void* peer,
+ intptr_t length, uint8_t* data, void* peer,
Dart_WeakPersistentHandleFinalizer callback) {
Dart_CObject* cobject = New(Dart_CObject_kExternalTypedData);
cobject->value.as_external_typed_data.type = Dart_TypedData_kUint8;
@@ -966,8 +966,16 @@ Dart_CObject* CObject::NewExternalUint8Array(
Dart_CObject* CObject::NewIOBuffer(int64_t length) {
+ // Make sure that we do not have an integer overflow here. Actual check
+ // against max elements will be done at the time of writing, as the constant
+ // is not part of the public API.
+ if (length > kIntptrMax) {
+ return NULL;
+ }
uint8_t* data = IOBuffer::Allocate(length);
- return NewExternalUint8Array(length, data, data, IOBuffer::Finalizer);
+ ASSERT(data != NULL);
+ return NewExternalUint8Array(
+ static_cast<intptr_t>(length), data, data, IOBuffer::Finalizer);
}
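Review bot: The new guard in NewIOBuffer rejects `length > kIntptrMax` but not a negative `length`, which still flows into `IOBuffer::Allocate(length)` and the `static_cast<intptr_t>`. `ASSERT(data != NULL)` is presumably compiled out of release builds, so a failed allocation would pass a NULL buffer with a non-zero length to NewExternalUint8Array; consider `if (length < 0 || length > kIntptrMax) return NULL;` and `if (data == NULL) return NULL;`. The function can now return NULL, and whether its callers check for that is not visible in this file section.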