[v8-dev] Version 3.30.33.10 (cherry-pick) (issue 804343006 by [email protected])

Thu, 18 Dec 2014 05:04:48 -0800 

Reviewers: Jakob,

Description:
Version 3.30.33.10 (cherry-pick)

Merged cfccf397d00b6fa94206d2cf89dd73efa995199a

v8::String::Concat must not throw.

BUG=chromium:420240
LOG=N
[email protected]

Please review this at https://codereview.chromium.org/804343006/

Base URL: https://chromium.googlesource.com/v8/[email protected]

Affected files (+31, -8 lines):
  M src/api.cc
  M src/version.cc
  M test/cctest/test-api.cc


Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index 2c8009e1d3cd80ccadb86940476edb47a4e148be..239c7ac21892a5e0b1ae43aa9cf82e4bba9ba48b 100644 
--- a/src/api.cc
+++ b/src/api.cc
@@ -5545,7 +5545,11 @@ Local<String> v8::String::Concat(Handle<String> left, Handle<String> right) { 
   LOG_API(isolate, "String::New(char)");
   ENTER_V8(isolate);
   i::Handle<i::String> right_string = Utils::OpenHandle(*right);
-  // We do not expect this to fail. Change this if it does.
+ // If we are steering towards a range error, do not wait for the error to be 
+  // thrown, and return the null handle instead.
+ if (left_string->length() + right_string->length() > i::String::kMaxLength) { 
+    return Local<String>();
+  }
   i::Handle<i::String> result = isolate->factory()->NewConsString(
       left_string, right_string).ToHandleChecked();
   return Utils::ToLocal(result);
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index 60eb703127e358ac8c9b949a0c0ef812aade8c8d..e65985abb39a4002d9097e1cbb34b565dac284de 100644 
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     30
 #define BUILD_NUMBER      33
-#define PATCH_LEVEL       9
+#define PATCH_LEVEL       10
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 068a07ee71d56d83a7e796bc62542aea4b6a4930..2bcd9209c8a933824be0e8bf3579939e6b359d4d 100644 
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -742,23 +742,28 @@ THREADED_TEST(UsingExternalOneByteString) {
 }


-class DummyResource : public v8::String::ExternalStringResource {
+class RandomLengthResource : public v8::String::ExternalStringResource {
  public:
+  explicit RandomLengthResource(int length) : length_(length) {}
   virtual const uint16_t* data() const { return string_; }
-  virtual size_t length() const { return 1 << 30; }
+  virtual size_t length() const { return length_; }

  private:
   uint16_t string_[10];
+  int length_;
 };
-class DummyOneByteResource : public v8::String::ExternalOneByteStringResource { 
+class RandomLengthOneByteResource
+    : public v8::String::ExternalOneByteStringResource {
  public:
+  explicit RandomLengthOneByteResource(int length) : length_(length) {}
   virtual const char* data() const { return string_; }
-  virtual size_t length() const { return 1 << 30; }
+  virtual size_t length() const { return length_; }

  private:
   char string_[10];
+  int length_;
 };


@@ -767,7 +772,7 @@ THREADED_TEST(NewExternalForVeryLongString) {
     LocalContext env;
     v8::HandleScope scope(env->GetIsolate());
     v8::TryCatch try_catch;
-    DummyOneByteResource r;
+    RandomLengthOneByteResource r(1 << 30);
v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(), &r); 
     CHECK(str.IsEmpty());
     CHECK(try_catch.HasCaught());
@@ -779,7 +784,7 @@ THREADED_TEST(NewExternalForVeryLongString) {
     LocalContext env;
     v8::HandleScope scope(env->GetIsolate());
     v8::TryCatch try_catch;
-    DummyResource r;
+    RandomLengthResource r(1 << 30);
v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(), &r); 
     CHECK(str.IsEmpty());
     CHECK(try_catch.HasCaught());
@@ -24164,3 +24169,17 @@ TEST(StreamingUtf8ScriptWithMultipleMultibyteCharactersSomeSplit2) { 
   const char* chunks[] = {chunk1, chunk2, "foo();", NULL};
   RunStreamingTest(chunks, v8::ScriptCompiler::StreamedSource::UTF8);
 }
+
+
+TEST(StringConcatOverflow) {
+  v8::V8::Initialize();
+  v8::HandleScope scope(CcTest::isolate());
+  RandomLengthOneByteResource* r =
+      new RandomLengthOneByteResource(i::String::kMaxLength);
+ v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(), r); 
+  CHECK(!str.IsEmpty());
+  v8::TryCatch try_catch;
+  v8::Local<v8::String> result = v8::String::Concat(str, str);
+  CHECK(result.IsEmpty());
+  CHECK(!try_catch.HasCaught());
+}


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to