
Unified Diff: src/heap.cc

Issue 551045: Merge r3560, r3562 and r3568 from bleeding_edge to 1.3 branch to fix... (Closed) Base URL: http://v8.googlecode.com/svn/branches/1.3/
Patch Set: '' Created 10 years, 11 months ago
Index: src/heap.cc
===================================================================
--- src/heap.cc (revision 3610)
+++ src/heap.cc (working copy)
@@ -1990,6 +1990,9 @@
Object* Heap::AllocateByteArray(int length, PretenureFlag pretenure) {
+ if (length < 0 || length > ByteArray::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
if (pretenure == NOT_TENURED) {
return AllocateByteArray(length);
}
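Review bot: The new guard in the two-argument AllocateByteArray is repeated by the identical one added to the single-argument overload, so the NOT_TENURED path is checked twice; that is harmless, but neither site says why the limit exists, which invites a later cleanup that drops one of them. A short comment above the guard would pin the intent, e.g. `// Lengths outside [0, ByteArray::kMaxLength] cannot be sized safely; report them as an allocation failure rather than computing an undersized object.` The undersized-object reading is inferred from the shape of the change, not from a visible line, so confirm it against the definition of ByteArray::kMaxLength in objects.h. The TENURED path of this function continues past the end of the hunk.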
@@ -2008,6 +2011,9 @@
Object* Heap::AllocateByteArray(int length) {
+ if (length < 0 || length > ByteArray::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
int size = ByteArray::SizeFor(length);
AllocationSpace space =
size > MaxObjectSizeInPagedSpace() ? LO_SPACE : NEW_SPACE;
@@ -2666,12 +2672,16 @@
Object* Heap::AllocateInternalSymbol(unibrow::CharacterStream* buffer,
int chars,
uint32_t length_field) {
+ ASSERT(chars >= 0);
// Ensure the chars matches the number of characters in the buffer.
ASSERT(static_cast<unsigned>(chars) == buffer->Length());
// Determine whether the string is ascii.
bool is_ascii = true;
- while (buffer->has_more() && is_ascii) {
- if (buffer->GetNext() > unibrow::Utf8::kMaxOneByteChar) is_ascii = false;
+ while (buffer->has_more()) {
+ if (buffer->GetNext() > unibrow::Utf8::kMaxOneByteChar) {
+ is_ascii = false;
+ break;
+ }
}
buffer->Rewind();
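Review bot: A negative `chars` is caught only by the new `ASSERT(chars >= 0)`, and ASSERT is not compiled into release builds; the guards added in the next two hunks (`chars > SeqAsciiString::kMaxLength` and `chars > SeqTwoByteString::kMaxLength`) test the upper bound only, so in release a negative count passes both the map-selection comparisons and reaches SeqAsciiString::SizeFor / SeqTwoByteString::SizeFor. Every other allocator touched by this change folds the lower bound into the same runtime check (`length < 0 || length > ...`); the symbol path should mirror that: `if (chars < 0 || chars > SeqAsciiString::kMaxLength) {` and `if (chars < 0 || chars > SeqTwoByteString::kMaxLength) {`. The loop rewrite to an explicit `break` is behaviour-preserving. AllocateInternalSymbol continues past the end of this hunk.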
@@ -2680,6 +2690,9 @@
Map* map;
if (is_ascii) {
+ if (chars > SeqAsciiString::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
if (chars <= String::kMaxShortSize) {
map = short_ascii_symbol_map();
} else if (chars <= String::kMaxMediumSize) {
@@ -2689,6 +2702,9 @@
}
size = SeqAsciiString::SizeFor(chars);
} else {
+ if (chars > SeqTwoByteString::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
if (chars <= String::kMaxShortSize) {
map = short_symbol_map();
} else if (chars <= String::kMaxMediumSize) {
@@ -2721,13 +2737,17 @@
Object* Heap::AllocateRawAsciiString(int length, PretenureFlag pretenure) {
+ if (length < 0 || length > SeqAsciiString::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
+ int size = SeqAsciiString::SizeFor(length);
+ ASSERT(size <= SeqAsciiString::kMaxSize);
+
AllocationSpace space = (pretenure == TENURED) ? OLD_DATA_SPACE : NEW_SPACE;
// New space can't cope with forced allocation.
if (always_allocate()) space = OLD_DATA_SPACE;
- int size = SeqAsciiString::SizeFor(length);
-
Object* result = Failure::OutOfMemoryException();
if (space == NEW_SPACE) {
result = size <= kMaxObjectSizeInNewSpace
@@ -2758,13 +2778,17 @@
Object* Heap::AllocateRawTwoByteString(int length, PretenureFlag pretenure) {
+ if (length < 0 || length > SeqTwoByteString::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
+ int size = SeqTwoByteString::SizeFor(length);
+ ASSERT(size <= SeqTwoByteString::kMaxSize);
+
AllocationSpace space = (pretenure == TENURED) ? OLD_DATA_SPACE : NEW_SPACE;
// New space can't cope with forced allocation.
if (always_allocate()) space = OLD_DATA_SPACE;
- int size = SeqTwoByteString::SizeFor(length);
-
Object* result = Failure::OutOfMemoryException();
if (space == NEW_SPACE) {
result = size <= kMaxObjectSizeInNewSpace
@@ -2806,6 +2830,9 @@
Object* Heap::AllocateRawFixedArray(int length) {
+ if (length < 0 || length > FixedArray::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
// Use the general function if we're forced to always allocate.
if (always_allocate()) return AllocateFixedArray(length, TENURED);
// Allocate the raw data for a fixed array.
@@ -2857,7 +2884,11 @@
Object* Heap::AllocateFixedArray(int length, PretenureFlag pretenure) {
+ ASSERT(length >= 0);
ASSERT(empty_fixed_array()->IsFixedArray());
+ if (length < 0 || length > FixedArray::kMaxLength) {
+ return Failure::OutOfMemoryException();
+ }
if (length == 0) return empty_fixed_array();
// New space can't cope with forced allocation.
