Reviewers: dcarney,
Description:
v8::String::Concat must not throw.
[email protected]
BUG=chromium:420240
LOG=Y
API=v8::String::Concat may return empty handle on overflow.
Please review this at https://codereview.chromium.org/735763002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+30, -7 lines):
M src/api.cc
M test/cctest/test-api.cc
Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index
1943683e45400b0c98ec1d280a5717f51df64a2c..c54cdd21a38e8b700c2c9b6df140a4772e3b02eb
100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -5550,7 +5550,11 @@ Local<String> v8::String::Concat(Handle<String>
left, Handle<String> right) {
LOG_API(isolate, "String::New(char)");
ENTER_V8(isolate);
i::Handle<i::String> right_string = Utils::OpenHandle(*right);
- // We do not expect this to fail. Change this if it does.
+ // If we are steering towards a range error, do not wait for the error
to be
+ // thrown, and return the null handle instead.
+ if (left_string->length() + right_string->length() >
i::String::kMaxLength) {
+ return Local<String>();
+ }
i::Handle<i::String> result = isolate->factory()->NewConsString(
left_string, right_string).ToHandleChecked();
return Utils::ToLocal(result);
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
8ef6a4444f1b9cc225638d0995cc1f4d494129fb..a6b3f247e9e314352b4ff235543b2c62f9363f65
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -742,23 +742,28 @@ THREADED_TEST(UsingExternalOneByteString) {
}
-class DummyResource : public v8::String::ExternalStringResource {
+class RandomLengthResource : public v8::String::ExternalStringResource {
public:
+ explicit RandomLengthResource(int length) : length_(length) {}
virtual const uint16_t* data() const { return string_; }
- virtual size_t length() const { return 1 << 30; }
+ virtual size_t length() const { return length_; }
private:
uint16_t string_[10];
+ int length_;
};
-class DummyOneByteResource : public
v8::String::ExternalOneByteStringResource {
+class RandomLengthOneByteResource
+ : public v8::String::ExternalOneByteStringResource {
public:
+ explicit RandomLengthOneByteResource(int length) : length_(length) {}
virtual const char* data() const { return string_; }
- virtual size_t length() const { return 1 << 30; }
+ virtual size_t length() const { return length_; }
private:
char string_[10];
+ int length_;
};
@@ -767,7 +772,7 @@ THREADED_TEST(NewExternalForVeryLongString) {
LocalContext env;
v8::HandleScope scope(env->GetIsolate());
v8::TryCatch try_catch;
- DummyOneByteResource r;
+ RandomLengthOneByteResource r(1 << 30);
v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(),
&r);
CHECK(str.IsEmpty());
CHECK(try_catch.HasCaught());
@@ -779,7 +784,7 @@ THREADED_TEST(NewExternalForVeryLongString) {
LocalContext env;
v8::HandleScope scope(env->GetIsolate());
v8::TryCatch try_catch;
- DummyResource r;
+ RandomLengthResource r(1 << 30);
v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(),
&r);
CHECK(str.IsEmpty());
CHECK(try_catch.HasCaught());
@@ -24232,3 +24237,17 @@ TEST(InvalidCacheData) {
TestInvalidCacheData(v8::ScriptCompiler::kConsumeParserCache);
TestInvalidCacheData(v8::ScriptCompiler::kConsumeCodeCache);
}
+
+
+TEST(StringConcatOverflow) {
+ v8::V8::Initialize();
+ v8::HandleScope scope(CcTest::isolate());
+ RandomLengthOneByteResource* r =
+ new RandomLengthOneByteResource(i::String::kMaxLength);
+ v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(),
r);
+ CHECK(!str.IsEmpty());
+ v8::TryCatch try_catch;
+ v8::Local<v8::String> result = v8::String::Concat(str, str);
+ CHECK(result.IsEmpty());
+ CHECK(!try_catch.HasCaught());
+}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
