Chromium Code Reviews

Issue 72813004: Fixed crashes exposed through fuzzing. (Closed)

Created: 7 years, 1 month ago by danno
Modified: 7 years, 1 month ago
Reviewers: Yang
CC: v8-dev, Jakob Kummerow
Visibility: Public.

Description

Fixed crashes exposed through fuzzing. The %_OneByteSeqStringSetChar intrinsic expects its arguments to be checked before being called for efficiency reasons, but the fuzzer provided no such checks. Now the intrinsic is robust to bad input if FLAG_debug_code is set.

R=yangguo@chromium.org
TEST=test/mjsunit/regress/regress-320948.js
BUG=chromium:320948
LOG=Y

Committed: http://code.google.com/p/v8/source/detail?r=17886

Patch Set 1
Patch Set 2: Implement all platforms
Total comments: 6
Patch Set 3: More tweaks
Patch Set 4: Review feedback
Patch Set 5: Fix nits

Files changed (+492 lines, -208 lines):

M src/arm/full-codegen-arm.cc: 3 chunks, +14 lines, -27 lines
M src/arm/lithium-arm.h: 1 chunk, +10 lines, -8 lines
M src/arm/lithium-arm.cc: 1 chunk, +7 lines, -4 lines
M src/arm/lithium-codegen-arm.cc: 1 chunk, +5 lines, -9 lines
M src/arm/macro-assembler-arm.h: 2 chunks, +11 lines, -0 lines
M src/arm/macro-assembler-arm.cc: 2 chunks, +82 lines, -0 lines
M src/full-codegen.h: 1 chunk, +0 lines, -5 lines
M src/hydrogen.cc: 5 chunks, +18 lines, -8 lines
M src/hydrogen-instructions.h: 1 chunk, +15 lines, -11 lines
M src/ia32/full-codegen-ia32.cc: 3 chunks, +17 lines, -30 lines
M src/ia32/lithium-codegen-ia32.cc: 1 chunk, +6 lines, -9 lines
M src/ia32/lithium-ia32.h: 2 chunks, +12 lines, -8 lines
M src/ia32/lithium-ia32.cc: 1 chunk, +28 lines, -5 lines
M src/ia32/macro-assembler-ia32.h: 2 chunks, +11 lines, -0 lines
M src/ia32/macro-assembler-ia32.cc: 2 chunks, +70 lines, -0 lines
M src/objects.h: 1 chunk, +1 line, -0 lines
M src/runtime.h: 1 chunk, +1 line, -0 lines
M src/runtime.cc: 1 chunk, +11 lines, -0 lines
M src/x64/full-codegen-x64.cc: 3 chunks, +16 lines, -28 lines
M src/x64/lithium-codegen-x64.cc: 1 chunk, +6 lines, -9 lines
M src/x64/lithium-x64.h: 1 chunk, +10 lines, -8 lines
M src/x64/lithium-x64.cc: 1 chunk, +13 lines, -3 lines
M src/x64/macro-assembler-x64.h: 2 chunks, +11 lines, -0 lines
M src/x64/macro-assembler-x64.cc: 2 chunks, +66 lines, -0 lines
M test/mjsunit/fuzz-natives-part1.js: 1 chunk, +1 line, -0 lines
M test/mjsunit/fuzz-natives-part2.js: 1 chunk, +1 line, -0 lines
M test/mjsunit/fuzz-natives-part3.js: 1 chunk, +1 line, -0 lines
M test/mjsunit/fuzz-natives-part4.js: 1 chunk, +1 line, -0 lines
A + test/mjsunit/regress/regress-320948.js: 1 chunk, +47 lines, -36 lines

Messages

Total messages: 6 (0 generated)

#1 danno (2013-11-19 14:11:50 UTC):
PTAL

#2 danno (2013-11-19 14:19:44 UTC):
PTAL

#3 Yang (2013-11-19 14:35:29 UTC):
LGTM once comments are addressed.
https://codereview.chromium.org/72813004/diff/30001/src/arm/macro-assembler-arm.cc
File src/arm/macro-assembler-arm.cc (right):
https://codereview.chromium.org/72813004/diff/30001/src/arm/macro-assembler-arm.cc#newcode3405
src/arm/macro-assembler-arm.cc:3405: b(ne, &is_object);
Use ThrowIfNot(ne, ...

#4 Yang (2013-11-19 14:38:28 UTC):
On 2013/11/19 14:35:29, Yang wrote:
> LGTM once comments are addressed.
>
> https://codereview.chromium.org/72813004/diff/30001/src/arm/macro-assembler-arm.cc
> ...

#5 danno (2013-11-19 16:19:13 UTC):
Feedback addressed, landing
https://codereview.chromium.org/72813004/diff/30001/src/arm/macro-assembler-arm.cc
File src/arm/macro-assembler-arm.cc (right):
https://codereview.chromium.org/72813004/diff/30001/src/arm/macro-assembler-arm.cc#newcode3405
src/arm/macro-assembler-arm.cc:3405: b(ne, &is_object);
On 2013/11/19 14:35:29, Yang ...

#6 danno (2013-11-19 16:41:29 UTC):
Message was sent while issue was closed.
Committed patchset #5 manually as r17886.
