Reviewers: Mads Ager, jschuh1,

Description:
Changed a static cast from static_cast<int> to static_cast<size_t> that
previously introduced a signed/unsigned comparison issue in the main allocator for V8 (MemoryAllocator::AllocateRawMemory) that could be used to bypass the V8
allocation limitations or trigger integer overflows.

BUG=49215
TEST=allocate a value > 0x7FFFFFFF


Please review this at http://codereview.chromium.org/3027006/show

SVN Base: http://v8.googlecode.com/svn/trunk/

Affected files:
  M     src/spaces.cc


Index: src/spaces.cc
===================================================================
--- src/spaces.cc       (revision 4962)
+++ src/spaces.cc       (working copy)
@@ -342,7 +342,7 @@
 void* MemoryAllocator::AllocateRawMemory(const size_t requested,
                                          size_t* allocated,
                                          Executability executable) {
-  if (size_ + static_cast<int>(requested) > capacity_) return NULL;
+  if (size_ + static_cast<size_t>(requested) > capacity_) return NULL;
   void* mem;
   if (executable == EXECUTABLE  && CodeRange::exists()) {
     mem = CodeRange::AllocateRawMemory(requested, allocated);
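Review bot: the new `static_cast<size_t>(requested)` on the `if` line is a no-op, because `requested` is already declared `const size_t` in the signature three lines above, so the mixed signed/unsigned comparison the description mentions is only removed if `size_` and `capacity_` are themselves unsigned, which this hunk does not show; please confirm their declared types (or change them to `size_t` in the same CL) rather than relying on the cast. Separately, `size_ + requested > capacity_` can still wrap around for a very large `requested` and pass the check; the overflow-safe form is `if (requested > capacity_ - size_) return NULL;`, valid as long as `size_ <= capacity_` is an invariant, which would be worth asserting here.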
@@ -385,6 +385,7 @@
     return NULL;
   }

+
   // We are sure that we have mapped a block of requested addresses.
   ASSERT(initial_chunk_->size() == requested);
   LOG(NewEvent("InitialChunk", initial_chunk_->address(), requested));
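Review bot: this hunk only inserts a stray blank line before the `// We are sure that we have mapped a block` comment, which is unrelated to the cast fix and leaves two consecutive blank lines; please drop it so the CL touches only the comparison it describes.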


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
