DBC.

https://codereview.chromium.org/1157843006/diff/20001/src/api.cc
File src/api.cc (right):

https://codereview.chromium.org/1157843006/diff/20001/src/api.cc#newcode6276
src/api.cc:6276: int length = size * 2;
On 2015/06/03 15:35:30, adamk wrote:
> On 2015/06/03 10:44:51, jochen wrote:
> > can this overflow?
>
> NumberOfElements is stored in a Smi and is guaranteed to be positive, so I don't
> think so.

Uhm... I don't follow this reasoning. On 64-bit platforms, Smis and ints
both have 32 bits including the sign, so a value close to the maximum
can absolutely overflow when you *2 it. Please use CheckedNumerics (from
safe_math.h) for anything that comes even remotely close to the overflow
threshold, and is stability/security sensitive like allocations and
indexed accesses are.

https://codereview.chromium.org/1157843006/
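
The overflow discussed in this review, as an added example that is not part of the original message and not V8 code: it shows what a 32-bit `size * 2` wraps to near the maximum and a checked alternative that rejects the value before it reaches an allocation. `WrappedDouble`, `CheckedMul` and `ComputeLength` are hypothetical names and stand in for, rather than reproduce, the checked arithmetic in safe_math.h; the sample sizes are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// What `size * 2` yields in 32-bit two's-complement arithmetic. Computed in
// unsigned math so the demonstration itself has no undefined behaviour.
int32_t WrappedDouble(int32_t size) {
  return static_cast<int32_t>(static_cast<uint32_t>(size) * 2u);
}

// Hypothetical helper (not V8's CheckedNumeric): multiply in 64 bits and
// refuse any product that does not fit in int32_t.
bool CheckedMul(int32_t a, int32_t b, int32_t* out) {
  const int64_t wide = static_cast<int64_t>(a) * static_cast<int64_t>(b);
  if (wide < std::numeric_limits<int32_t>::min() ||
      wide > std::numeric_limits<int32_t>::max()) {
    return false;
  }
  *out = static_cast<int32_t>(wide);
  return true;
}

// Length computation as a caller would do it before allocating: negative
// element counts and overflowing products are both rejected.
bool ComputeLength(int32_t size, int32_t* length) {
  if (size < 0) return false;
  return CheckedMul(size, 2, length);
}

int main() {
  // Constructed sample sizes around the overflow threshold.
  const int32_t samples[] = {0, 3, 0x3FFFFFFF, 0x40000000, 0x7FFFFFFF};
  for (int32_t size : samples) {
    int32_t length = 0;
    const bool ok = ComputeLength(size, &length);
    std::printf("size=%d wrapped=%d checked=%s\n", size, WrappedDouble(size),
                ok ? "ok" : "rejected");
  }
  return 0;
}
```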

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev