Revision: 5094
Author: [email protected]
Date: Mon Jul 19 03:02:11 2010
Log: Landing for pmehta.
Changed a static cast from static_cast<int> to static_cast<size_t>
that previously introduced a signed/unsigned comparison issue in the
main allocator for V8 (MemoryAllocator::AllocateRawMemory) that could
be used to bypass the V8 allocation limitations or trigger integer
overflows.
Review URL: http://codereview.chromium.org/3027006/show
http://code.google.com/p/v8/source/detail?r=5094
Modified:
/branches/bleeding_edge/src/spaces.cc
=======================================
--- /branches/bleeding_edge/src/spaces.cc Mon Jul 5 04:45:11 2010
+++ /branches/bleeding_edge/src/spaces.cc Mon Jul 19 03:02:11 2010
@@ -342,7 +342,9 @@
void* MemoryAllocator::AllocateRawMemory(const size_t requested,
size_t* allocated,
Executability executable) {
- if (size_ + static_cast<int>(requested) > capacity_) return NULL;
+ if (size_ + static_cast<size_t>(requested) >
static_cast<size_t>(capacity_)) {
+ return NULL;
+ }
void* mem;
if (executable == EXECUTABLE && CodeRange::exists()) {
mem = CodeRange::AllocateRawMemory(requested, allocated);
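Review bot: The new guard `size_ + static_cast<size_t>(requested) > static_cast<size_t>(capacity_)` still adds before it compares, so a `requested` value near the top of the size_t range can wrap the sum to a small number and pass the limit check. Comparing against the remaining headroom avoids the addition: `if (requested > static_cast<size_t>(capacity_) - static_cast<size_t>(size_)) return NULL;`. That form relies on `0 <= size_ <= capacity_` always holding; both members are declared outside the hunk, so their signedness and that invariant need confirming. `requested` is already `const size_t`, so the cast on it is a no-op and can be dropped. The body of AllocateRawMemory continues past the end of the hunk.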