Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/js/harmony-atomics.js

Issue 2659083004: [SAB] Fix crash in Atomics.wake w/ infinite count. (Closed)
Patch Set: fix Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/futex-emulation.cc ('k') | src/runtime/runtime-futex.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/js/harmony-atomics.js
diff --git a/src/js/harmony-atomics.js b/src/js/harmony-atomics.js
index bfbf0c505e54bab3ff298f370de8d54c903114af..ffcfd66407b1e0bb2a9a43885d6b5a832914a71b 100644
--- a/src/js/harmony-atomics.js
+++ b/src/js/harmony-atomics.js
@@ -13,10 +13,12 @@
var GlobalObject = global.Object;
var MaxSimple;
+var MinSimple;
var toStringTagSymbol = utils.ImportNow("to_string_tag_symbol");
utils.Import(function(from) {
MaxSimple = from.MaxSimple;
+ MinSimple = from.MinSimple;
});
// -------------------------------------------------------------------
@@ -123,7 +125,12 @@ function AtomicsWaitJS(ia, index, value, timeout) {
function AtomicsWakeJS(ia, index, count) {
CheckSharedInteger32TypedArray(ia);
index = ValidateIndex(index, %_TypedArrayGetLength(ia));
- count = MaxSimple(0, TO_INTEGER(count));
+ if (IS_UNDEFINED(count)) {
+ count = kMaxUint32;
+ } else {
+ // Clamp to [0, kMaxUint32].
+ count = MinSimple(MaxSimple(0, TO_INTEGER(count)), kMaxUint32);
+ }
return %AtomicsWake(ia, index, count);
}
« no previous file with comments | « src/futex-emulation.cc ('k') | src/runtime/runtime-futex.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698