[v8-dev] Fix cluster-fuzz regression with Workers when serializing empty string (issue 1210623002 by [email protected])

Wed, 24 Jun 2015 10:10:50 -0700 

Reviewers: jochen,

Description:
Fix cluster-fuzz regression with Workers when serializing empty string

BUG=chromium:503991
[email protected]
LOG=n

Please review this at https://codereview.chromium.org/1210623002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+9, -7 lines):
  M src/d8.cc
  A + test/mjsunit/regress/regress-crbug-503991.js


Index: src/d8.cc
diff --git a/src/d8.cc b/src/d8.cc
index 333f7e440274b2334ace286e7be5e46064fa3959..4133283f1c4c6e7695cda898dc8c408eb0c82590 100644 
--- a/src/d8.cc
+++ b/src/d8.cc
@@ -1538,8 +1538,10 @@ void SerializationData::WriteTag(SerializationTag tag) { data.Add(tag); } 


 void SerializationData::WriteMemory(const void* p, int length) {
-  i::Vector<uint8_t> block = data.AddBlock(0, length);
-  memcpy(&block[0], p, length);
+  if (length > 0) {
+    i::Vector<uint8_t> block = data.AddBlock(0, length);
+    memcpy(&block[0], p, length);
+  }
 }


Index: test/mjsunit/regress/regress-crbug-503991.js
diff --git a/test/message/super-in-function.js b/test/mjsunit/regress/regress-crbug-503991.js 
similarity index 59%
copy from test/message/super-in-function.js
copy to test/mjsunit/regress/regress-crbug-503991.js
index edaa0e4eadc7befdb7ed28a3e06eaa827c4388f0..aa0a28a342127ad4d61ba3dfd592dd7779a9eeb3 100644 
--- a/test/message/super-in-function.js
+++ b/test/mjsunit/regress/regress-crbug-503991.js
@@ -1,10 +1,10 @@
 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-//
-// Flags: --harmony-classes
-'use strict';

-function f() {
-  super.x();
+if (this.Worker) {
+  __v_3 = "";
+  function __f_1() {}
+  var __v_6 = new Worker(__f_1);
+  __v_6.postMessage(__v_3);
 }


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to