Diff
Modified: branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog (168207 => 168208)
--- branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog 2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/ChangeLog 2014-05-02 23:48:24 UTC (rev 168208)
@@ -1,5 +1,20 @@
2014-05-02 Matthew Hanson <matthew_han...@apple.com>
+ Merge r167548.
+
+ 2014-04-19 Filip Pizlo <fpi...@apple.com>
+
+ Make it easier to check if an integer sum would overflow
+ https://bugs.webkit.org/show_bug.cgi?id=131900
+
+ Reviewed by Darin Adler.
+
+ * dfg/DFGOperations.cpp:
+ * runtime/Operations.h:
+ (JSC::jsString):
+
+2014-05-02 Matthew Hanson <matthew_han...@apple.com>
+
Merge r167544.
2014-04-19 Filip Pizlo <fpi...@apple.com>
Modified: branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp (168207 => 168208)
--- branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp 2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/dfg/DFGOperations.cpp 2014-05-02 23:48:24 UTC (rev 168208)
@@ -1596,8 +1596,8 @@
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
-
- if (static_cast<int32_t>(left->length() + right->length()) < 0) {
+
+ if (sumOverflows<int32_t>(left->length(), right->length())) {
throwOutOfMemoryError(exec);
return nullptr;
}
@@ -1610,10 +1610,7 @@
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
- Checked<int32_t, RecordOverflow> length = a->length();
- length += b->length();
- length += c->length();
- if (length.hasOverflowed()) {
+ if (sumOverflows<int32_t>(a->length(), b->length(), c->length())) {
throwOutOfMemoryError(exec);
return nullptr;
}
Modified: branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h (168207 => 168208)
--- branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h 2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/_javascript_Core/runtime/Operations.h 2014-05-02 23:48:24 UTC (rev 168208)
@@ -47,7 +47,7 @@
int32_t length2 = s2->length();
if (!length2)
return s1;
- if ((length1 + length2) < 0)
+ if (sumOverflows<int32_t>(length1, length2))
return throwOutOfMemoryError(exec);
return JSRopeString::create(vm, s1, s2);
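Review bot: The changed check receives the `int32_t` locals, so the narrowing from `length()` (visible in `int32_t length2 = s2->length();`) has already happened by the time `sumOverflows` sees the values. If `length()` returns an unsigned type, which this hunk does not show, a length above INT32_MAX would reach the check as a negative number and the sum could pass. The DFGOperations.cpp hunks pass `length()` straight in; doing the same here, `if (sumOverflows<int32_t>(s1->length(), s2->length()))`, would let the `Checked` conversion see the original value, assuming its converting constructor range-checks. The same applies to the three-operand check on `length1`, `length2`, `length3` in the next hunk. The enclosing function starts and ends outside this hunk.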
@@ -71,10 +71,8 @@
if (!length3)
return jsString(exec, jsString(vm, u1), jsString(vm, u2));
- if ((length1 + length2) < 0)
+ if (sumOverflows<int32_t>(length1, length2, length3))
return throwOutOfMemoryError(exec);
- if ((length1 + length2 + length3) < 0)
- return throwOutOfMemoryError(exec);
return JSRopeString::create(exec->vm(), jsString(vm, u1), jsString(vm, u2), jsString(vm, u3));
}
Modified: branches/safari-537.76-branch/Source/WTF/ChangeLog (168207 => 168208)
--- branches/safari-537.76-branch/Source/WTF/ChangeLog 2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/WTF/ChangeLog 2014-05-02 23:48:24 UTC (rev 168208)
@@ -1,3 +1,18 @@
+2014-05-02 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r167548.
+
+ 2014-04-19 Filip Pizlo <fpi...@apple.com>
+
+ Make it easier to check if an integer sum would overflow
+ https://bugs.webkit.org/show_bug.cgi?id=131900
+
+ Reviewed by Darin Adler.
+
+ * wtf/CheckedArithmetic.h:
+ (WTF::checkedSum):
+ (WTF::sumOverflows):
+
2014-03-18 Jer Noble <jer.no...@apple.com>
Unreviewed Win64 build fix; explicit operators are not valid in VS2010.
Modified: branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h (168207 => 168208)
--- branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h 2014-05-02 23:38:30 UTC (rev 168207)
+++ branches/safari-537.76-branch/Source/WTF/wtf/CheckedArithmetic.h 2014-05-02 23:48:24 UTC (rev 168208)
@@ -712,10 +712,31 @@
return Checked<U, OverflowHandler>(lhs) * rhs;
}
+template<typename T, typename U>
+Checked<T, RecordOverflow> checkedSum(U value)
+{
+ return Checked<T, RecordOverflow>(value);
}
+template<typename T, typename U, typename... Args>
+Checked<T, RecordOverflow> checkedSum(U value, Args... args)
+{
+ return Checked<T, RecordOverflow>(value) + checkedSum<T>(args...);
+}
+// Sometimes, you just want to check if some math would overflow - the code to do the math is
+// already in place, and you want to guard it.
+
+template<typename T, typename... Args> bool sumOverflows(Args... args)
+{
+ return checkedSum<T>(args...).hasOverflowed();
+}
+
+}
+
using WTF::Checked;
using WTF::CheckedState;
using WTF::RecordOverflow;
+using WTF::checkedSum;
+using WTF::sumOverflows;
#endif
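Review bot: `checkedSum` is added without any comment, and the comment above `sumOverflows` does not say what `T` is for or how the operands are treated. Each argument is wrapped as `Checked<T, RecordOverflow>(value)` before the addition, so a single operand that does not fit in `T` presumably reports overflow too; that depends on `Checked`'s converting constructor, which is outside this hunk. I would add above `checkedSum`: `// Sums the arguments as Checked<T, RecordOverflow>; every argument is converted to T before it is added.` and extend the `sumOverflows` comment with `// T is the type the guarded code computes in, e.g. sumOverflows<int32_t>(a, b).` The comment could also note that at least one argument is required, since there is no zero-argument `checkedSum` overload.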