Reviewers: jochen (slow),
Description:
Version 3.29.88.19 (cherry-pick)
Merged b9583b5f988cb6b8f369fe9c64b1b6db58c86589
String::NewExternal should not crash the renderer.
BUG=414615
LOG=N
[email protected]
Please review this at https://codereview.chromium.org/760283005/
Base URL: https://chromium.googlesource.com/v8/[email protected]
Affected files (+67, -19 lines):
M src/api.cc
M src/version.cc
M test/cctest/test-api.cc
Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index
e11d14084b3e292c749d2597a2e51e7b49199c4b..60a6ff111056a5fcf79f593e59154a380e8e6a99
100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -5483,21 +5483,15 @@ Local<String> v8::String::Concat(Handle<String>
left, Handle<String> right) {
}
-static i::Handle<i::String> NewExternalStringHandle(
- i::Isolate* isolate,
- v8::String::ExternalStringResource* resource) {
- // We do not expect this to fail. Change this if it does.
- return isolate->factory()->NewExternalStringFromTwoByte(
- resource).ToHandleChecked();
+static i::MaybeHandle<i::String> NewExternalStringHandle(
+ i::Isolate* isolate, v8::String::ExternalStringResource* resource) {
+ return isolate->factory()->NewExternalStringFromTwoByte(resource);
}
-static i::Handle<i::String> NewExternalOneByteStringHandle(
+static i::MaybeHandle<i::String> NewExternalOneByteStringHandle(
i::Isolate* isolate, v8::String::ExternalOneByteStringResource*
resource) {
- // We do not expect this to fail. Change this if it does.
- return isolate->factory()
- ->NewExternalStringFromOneByte(resource)
- .ToHandleChecked();
+ return isolate->factory()->NewExternalStringFromOneByte(resource);
}
@@ -5508,9 +5502,13 @@ Local<String> v8::String::NewExternal(
LOG_API(i_isolate, "String::NewExternal");
ENTER_V8(i_isolate);
CHECK(resource && resource->data());
- i::Handle<i::String> result = NewExternalStringHandle(i_isolate,
resource);
- i_isolate->heap()->external_string_table()->AddString(*result);
- return Utils::ToLocal(result);
+ EXCEPTION_PREAMBLE(i_isolate);
+ i::Handle<i::String> string;
+ has_pending_exception =
+ !NewExternalStringHandle(i_isolate, resource).ToHandle(&string);
+ EXCEPTION_BAILOUT_CHECK(i_isolate, Local<String>());
+ i_isolate->heap()->external_string_table()->AddString(*string);
+ return Utils::ToLocal(string);
}
@@ -5546,10 +5544,13 @@ Local<String> v8::String::NewExternal(
LOG_API(i_isolate, "String::NewExternal");
ENTER_V8(i_isolate);
CHECK(resource && resource->data());
- i::Handle<i::String> result =
- NewExternalOneByteStringHandle(i_isolate, resource);
- i_isolate->heap()->external_string_table()->AddString(*result);
- return Utils::ToLocal(result);
+ EXCEPTION_PREAMBLE(i_isolate);
+ i::Handle<i::String> string;
+ has_pending_exception =
+ !NewExternalOneByteStringHandle(i_isolate,
resource).ToHandle(&string);
+ EXCEPTION_BAILOUT_CHECK(i_isolate, Local<String>());
+ i_isolate->heap()->external_string_table()->AddString(*string);
+ return Utils::ToLocal(string);
}
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
0502ba10157ecb5cb1b21edcddb8f213384f3d57..44c5730f128981f46074e6773a07a9ba28b5d4f8
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 29
#define BUILD_NUMBER 88
-#define PATCH_LEVEL 18
+#define PATCH_LEVEL 19
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
0e80384125c260e4edd7ec94818e1cf671bb383b..66dc5a0c4ab0c8bb95f51eac826f971a448b3c66
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -742,6 +742,53 @@ THREADED_TEST(UsingExternalOneByteString) {
}
+class DummyResource : public v8::String::ExternalStringResource {
+ public:
+ virtual const uint16_t* data() const { return string_; }
+ virtual size_t length() const { return 1 << 30; }
+
+ private:
+ uint16_t string_[10];
+};
+
+
+class DummyOneByteResource : public
v8::String::ExternalOneByteStringResource {
+ public:
+ virtual const char* data() const { return string_; }
+ virtual size_t length() const { return 1 << 30; }
+
+ private:
+ char string_[10];
+};
+
+
+THREADED_TEST(NewExternalForVeryLongString) {
+ {
+ LocalContext env;
+ v8::HandleScope scope(env->GetIsolate());
+ v8::TryCatch try_catch;
+ DummyOneByteResource r;
+ v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(),
&r);
+ CHECK(str.IsEmpty());
+ CHECK(try_catch.HasCaught());
+ String::Utf8Value exception_value(try_catch.Exception());
+ CHECK_EQ("RangeError: Invalid string length", *exception_value);
+ }
+
+ {
+ LocalContext env;
+ v8::HandleScope scope(env->GetIsolate());
+ v8::TryCatch try_catch;
+ DummyResource r;
+ v8::Local<v8::String> str = v8::String::NewExternal(CcTest::isolate(),
&r);
+ CHECK(str.IsEmpty());
+ CHECK(try_catch.HasCaught());
+ String::Utf8Value exception_value(try_catch.Exception());
+ CHECK_EQ("RangeError: Invalid string length", *exception_value);
+ }
+}
+
+
THREADED_TEST(ScavengeExternalString) {
i::FLAG_stress_compaction = false;
i::FLAG_gc_global = false;
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
