Reviewers: ulan,
Message:
PTAL
Description:
Another "stack overflow" vs. "has_pending_exception()" issue fixed.
BUG=chromium:471659
LOG=N
Please review this at https://codereview.chromium.org/1151333005/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+14, -10 lines):
M src/runtime/runtime-strings.cc
A + test/mjsunit/regress/regress-crbug-471659.js
M test/mjsunit/regress/regress-crbug-491062.js
Index: src/runtime/runtime-strings.cc
diff --git a/src/runtime/runtime-strings.cc b/src/runtime/runtime-strings.cc
index
5704807b82b60a62e0887efce7423d7e4e124ec6..3d867d4d50e3146060f62b6f79beac5d03811a53
100644
--- a/src/runtime/runtime-strings.cc
+++ b/src/runtime/runtime-strings.cc
@@ -61,8 +61,12 @@ int StringMatch(Isolate* isolate, Handle<String> sub,
Handle<String> pat,
MaybeHandle<String> StringReplaceOneCharWithString(
Isolate* isolate, Handle<String> subject, Handle<String> search,
Handle<String> replace, bool* found, int recursion_limit) {
+ if (recursion_limit == 0) {
+ return MaybeHandle<String>();
+ }
StackLimitCheck stackLimitCheck(isolate);
- if (stackLimitCheck.HasOverflowed() || (recursion_limit == 0)) {
+ if (stackLimitCheck.HasOverflowed()) {
+ isolate->StackOverflow();
return MaybeHandle<String>();
}
recursion_limit--;
Index: test/mjsunit/regress/regress-crbug-471659.js
diff --git a/test/mjsunit/regress/regress-crbug-491062.js
b/test/mjsunit/regress/regress-crbug-471659.js
similarity index 59%
copy from test/mjsunit/regress/regress-crbug-491062.js
copy to test/mjsunit/regress/regress-crbug-471659.js
index
e16f85b1eb87ac991fdcb65c7cc7527de807608a..c13813ea7522196827cb83520c2753274f32f51a
100644
--- a/test/mjsunit/regress/regress-crbug-491062.js
+++ b/test/mjsunit/regress/regress-crbug-471659.js
@@ -2,21 +2,21 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-// Flags: --allow-natives-syntax --stack-limit=32
+// Flags: --stack-size=32
-function g() {}
+var s = "0123456789ABCDEF";
+for (var i = 0; i < 16; i++) s += s;
var count = 0;
function f() {
try {
f();
+ if (count < 10) {
+ f();
+ }
} catch(e) {
- print(e.stack);
- }
- if (count < 50) {
- count++;
- %DebugGetLoadedScripts();
+ s.replace("+", "-");
}
+ count++;
}
f();
-g();
Index: test/mjsunit/regress/regress-crbug-491062.js
diff --git a/test/mjsunit/regress/regress-crbug-491062.js
b/test/mjsunit/regress/regress-crbug-491062.js
index
e16f85b1eb87ac991fdcb65c7cc7527de807608a..fdc2fc9fa360161b063306c7535d427b5b0da0f0
100644
--- a/test/mjsunit/regress/regress-crbug-491062.js
+++ b/test/mjsunit/regress/regress-crbug-491062.js
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-// Flags: --allow-natives-syntax --stack-limit=32
+// Flags: --allow-natives-syntax --stack-size=32
function g() {}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
