Reviewers: Mads Ager,

Message:
Tiny review.

Description:
Added a missing argument check to the StringBuilderConcat function.

Please review this at http://codereview.chromium.org/1562020/show

Affected files:
  M src/runtime.cc


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 9190cec7611a85a1359675e432c4d8ab6c27cba7..2a17e061e2812fcdd9ae1a130d354853dfaf3b78 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -5483,8 +5483,12 @@ static Object* Runtime_StringBuilderConcat(Arguments args) {
         if (i >= array_length) {
           return Top::Throw(Heap::illegal_argument_symbol());
         }
-        Object* pos = fixed_array->get(i);
-        if (!pos->IsSmi()) {
+        Object* pos_val = fixed_array->get(i);
+        if (!pos_val->IsSmi()) {
+          return Top::Throw(Heap::illegal_argument_symbol());
+        }
+        int pos = Smi::cast(pos_val)->value();
+        if (pos < 0 || pos + increment > special_length) {
           return Top::Throw(Heap::illegal_argument_symbol());
         }
       }
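Review bot: The new bound check `if (pos < 0 || pos + increment > special_length)` does its addition in signed `int`, so if `increment` can be close to the largest Smi value the sum may overflow before the comparison, which is undefined behaviour and could let an out-of-range position pass. `increment` and `special_length` are declared outside this hunk, so their ranges cannot be confirmed from here. Assuming both are non-negative, the subtraction form `if (pos < 0 || pos > special_length - increment)` rejects the same inputs without any overflow. The body of Runtime_StringBuilderConcat starts and ends outside the hunk, so the earlier validation of `increment` should be checked alongside this.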

