Reviewers: Lasse Reichstein, Mads Ager,

Message:
Lasse, Mads,

may you have a look?

Description:
Bring r4460 to trunk.

This fixes an overwrite past the end of the cache.


Please review this at http://codereview.chromium.org/1689004/show

SVN Base: http://v8.googlecode.com/svn/trunk/

Affected files:
  M     src/objects.h
  M     src/runtime.cc
  M     src/version.cc
  M     test/mjsunit/string-search.js


Index: test/mjsunit/string-search.js
===================================================================
--- test/mjsunit/string-search.js       (revision 4459)
+++ test/mjsunit/string-search.js       (working copy)
@@ -28,3 +28,13 @@
 var str="ABC abc";
 var r = str.search('a');
 assertEquals(r, 4);
+
+// Test for a lot of different string.
+
+var s = "";
+for (var i = 0; i < 100; i++) {
+  s += i;
+  var r = s.search(s);
+  assertEquals(0, r);
+}
+
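Review bot: The comment `// Test for a lot of different string.` does not say that this loop is, presumably, the regression test for the cache overwrite fixed in src/runtime.cc, or why 100 iterations are enough. I would replace it with something like `// Regression test: many distinct search patterns must wrap the result cache without writing past its end.` Also, `assertEquals(0, r)` checks only the search result, so the test catches the overwrite only if the corruption crashes or is flagged by a heap check. The cache capacity is not visible in this hunk, so it is worth confirming that 100 distinct strings actually exceed it.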
Index: src/runtime.cc
===================================================================
--- src/runtime.cc      (revision 4459)
+++ src/runtime.cc      (working copy)
@@ -10101,8 +10101,10 @@
cache->set(JSFunctionResultCache::kCacheSizeIndex, Smi::FromInt(size + 2));
     return CacheMiss(cache, size, key);
   } else {
-    int target_index = (finger_index < cache->length()) ?
-        finger_index + 2 : JSFunctionResultCache::kEntriesIndex;
+    int target_index = finger_index + JSFunctionResultCache::kEntrySize;
+    if (target_index == cache->length()) {
+      target_index = JSFunctionResultCache::kEntriesIndex;
+    }
     return CacheMiss(cache, target_index, key);
   }
 }
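Review bot: The wrap-around guard `if (target_index == cache->length())` only catches an index that lands exactly on the end of the array. If `finger_index` were ever not entry-aligned, or the region after `kEntriesIndex` were not a whole multiple of `kEntrySize`, `target_index` would step over the end and `CacheMiss` would presumably be handed an out-of-bounds slot again. Since the commit exists to stop a write past the end of the cache, I would make the guard `if (target_index >= cache->length())`, or keep `==` and add a debug-build assertion of the alignment invariant. The context line above still uses the literal in `Smi::FromInt(size + 2)`; writing `size + JSFunctionResultCache::kEntrySize` there would tie the growth path and the wrap path to the same constant. The enclosing function starts outside this hunk, so whether the invariant is established earlier cannot be confirmed from here.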
Index: src/objects.h
===================================================================
--- src/objects.h       (revision 4459)
+++ src/objects.h       (working copy)
@@ -2322,6 +2322,8 @@
   static const int kCacheSizeIndex = kFingerIndex + 1;
   static const int kDummyIndex = kCacheSizeIndex + 1;
   static const int kEntriesIndex = kDummyIndex + 1;
+
+  static const int kEntrySize = 2;  // key + value
 };


Index: src/version.cc
===================================================================
--- src/version.cc      (revision 4459)
+++ src/version.cc      (working copy)
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     2
 #define MINOR_VERSION     2
 #define BUILD_NUMBER      4
-#define PATCH_LEVEL       0
+#define PATCH_LEVEL       1
 #define CANDIDATE_VERSION false

 // Define SONAME to have the SCons build the put a specific SONAME into the


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
