Reviewers: Kasper Lund, Søren Gjesse, Evan Martin

Message: Added comment. Someone from the v8 team probably needs to commit this and then upstream it to Chromium. (at least that's what ager did for my last v8 patch.)
I think -fno-short-enums is on by default. Passing this switch doesn't fix the minimal test case.

Description: Use a large enough variable in CompilationCache::LookupScript to avoid overflow.

Please review this at http://codereview.chromium.org/115500

SVN Base: http://v8.googlecode.com/svn/trunk/

Affected files: M src/compilation-cache.cc

Index: src/compilation-cache.cc =================================================================== --- src/compilation-cache.cc (revision 1983) +++ src/compilation-cache.cc (working copy) @@ -138,13 +138,17 @@ int line_offset, int column_offset) { Object* result = NULL; - Entry generation = SCRIPT; // First generation. + // Using int below so value range propagation in gcc 4.3+ won't assume + // |generation| can only go up to LAST_ENTRY when in fact it can go + // up to SCRIPT + NUMBER_OF_SCRIPT_GENERATIONS. + int generation = static_cast<int>(SCRIPT); // First generation. // Probe the script generation tables. Make sure not to leak handles // into the caller's handle scope. { HandleScope scope; while (generation < SCRIPT + NUMBER_OF_SCRIPT_GENERATIONS) { - Handle<CompilationCacheTable> table = GetTable(generation); + Handle<CompilationCacheTable> table = + GetTable(static_cast<Entry>(generation)); Handle<Object> probe(table->Lookup(*source)); if (probe->IsJSFunction()) { Handle<JSFunction> boilerplate = Handle<JSFunction>::cast(probe); @@ -156,7 +160,7 @@ } } // Go to the next generation. - generation = static_cast<Entry>(generation + 1); + generation++; } }

v8-dev mailing list v8-dev@googlegroups.com http://groups.google.com/group/v8-dev
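Review bot: The comment added in the first hunk (@@ -138,13 +138,17 @@) names the symptom (gcc 4.3+ value range propagation) but not the assumption behind it; it would help a later reader to say that the compiler may treat an enum-typed variable as never holding a value above its largest enumerator, so with `Entry generation` the condition `generation < SCRIPT + NUMBER_OF_SCRIPT_GENERATIONS` could be folded and the loop mis-compiled. It is also worth a short comment next to `GetTable(static_cast<Entry>(generation))` that the cast back to `Entry` is only valid because the loop bound keeps `generation` below `SCRIPT + NUMBER_OF_SCRIPT_GENERATIONS`; a debug-mode range check inside GetTable would make that assumption explicit instead of relying on this one caller.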
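Review bot: Check whether other lookup loops in this file advance an `Entry` with the same `static_cast<Entry>(generation + 1)` pattern that the second hunk (@@ -156,7 +160,7 @@) removes; this change only covers LookupScript, and the same compiler assumption would apply anywhere an enum variable is incremented past its last enumerator, so those sites would need the same int-typed counter before this lands.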