Revision: 8458
Author:   [email protected]
Date:     Wed Jun 29 03:27:14 2011
Log: Error checking for length parameter of external array constructors in shell

BUG=v8:1501

Review URL: http://codereview.chromium.org/7268002
http://code.google.com/p/v8/source/detail?r=8458

Modified:
 /branches/bleeding_edge/samples/shell.cc
 /branches/bleeding_edge/src/d8.cc
 /branches/bleeding_edge/src/d8.h

=======================================
--- /branches/bleeding_edge/samples/shell.cc    Fri Jun 10 02:54:04 2011
+++ /branches/bleeding_edge/samples/shell.cc    Wed Jun 29 03:27:14 2011
@@ -497,14 +497,39 @@

 v8::Handle<v8::Value> CreateExternalArray(const v8::Arguments& args,
                                           v8::ExternalArrayType type,
-                                          int element_size) {
+                                          size_t element_size) {
+  ASSERT(element_size == 1 || element_size == 2 || element_size == 4 ||
+         element_size == 8);
   if (args.Length() != 1) {
     return v8::ThrowException(
         v8::String::New("Array constructor needs one parameter."));
   }
-  int length = args[0]->Int32Value();
-  void* data = malloc(length * element_size);
-  memset(data, 0, length * element_size);
+  size_t length = 0;
+  if (args[0]->IsUint32()) {
+    length = args[0]->Uint32Value();
+  } else if (args[0]->IsNumber()) {
+    double raw_length = args[0]->NumberValue();
+    if (raw_length < 0) {
+      return v8::ThrowException(
+          v8::String::New("Array length must not be negative."));
+    }
+    if (raw_length > v8::internal::ExternalArray::kMaxLength) {
+      return v8::ThrowException(
+          v8::String::New("Array length exceeds maximum length."));
+    }
+    length = static_cast<size_t>(raw_length);
+  } else {
+    return v8::ThrowException(
+        v8::String::New("Array length must be a number."));
+  }
+ if (length > static_cast<size_t>(v8::internal::ExternalArray::kMaxLength)) {
+    return v8::ThrowException(
+        v8::String::New("Array length exceeds maximum length."));
+  }
+  void* data = calloc(length, element_size);
+  if (data == NULL) {
+ return v8::ThrowException(v8::String::New("Memory allocation failed."));
+  }
   v8::Handle<v8::Object> array = v8::Object::New();
   v8::Persistent<v8::Object> persistent_array =
       v8::Persistent<v8::Object>::New(array);
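Review bot: A NaN argument passes both range checks in the `IsNumber()` branch, because `raw_length < 0` and `raw_length > v8::internal::ExternalArray::kMaxLength` are both false for NaN, so it reaches `static_cast<size_t>(raw_length)`, which is undefined behaviour for a value that size_t cannot represent. Writing the first guard as `if (!(raw_length >= 0))` rejects NaN together with negative values before the cast, so the later `length > kMaxLength` check does not have to catch whatever the cast happened to produce. Fractional lengths such as 1.5 are also silently truncated by the cast; if that is intended, a short comment saying so would help. The same branch appears in the src/d8.cc hunk, and CreateExternalArray's body continues outside this hunk.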
=======================================
--- /branches/bleeding_edge/src/d8.cc   Wed Jun 29 01:45:22 2011
+++ /branches/bleeding_edge/src/d8.cc   Wed Jun 29 03:27:14 2011
@@ -223,14 +223,36 @@

 Handle<Value> Shell::CreateExternalArray(const Arguments& args,
                                          ExternalArrayType type,
-                                         int element_size) {
+                                         size_t element_size) {
+  ASSERT(element_size == 1 || element_size == 2 || element_size == 4 ||
+         element_size == 8);
   if (args.Length() != 1) {
     return ThrowException(
         String::New("Array constructor needs one parameter."));
   }
-  int length = args[0]->Int32Value();
-  void* data = malloc(length * element_size);
-  memset(data, 0, length * element_size);
+  size_t length = 0;
+  if (args[0]->IsUint32()) {
+    length = args[0]->Uint32Value();
+  } else if (args[0]->IsNumber()) {
+    double raw_length = args[0]->NumberValue();
+    if (raw_length < 0) {
+ return ThrowException(String::New("Array length must not be negative."));
+    }
+    if (raw_length > v8::internal::ExternalArray::kMaxLength) {
+      return ThrowException(
+          String::New("Array length exceeds maximum length."));
+    }
+    length = static_cast<size_t>(raw_length);
+  } else {
+    return ThrowException(String::New("Array length must be a number."));
+  }
+  if (length > static_cast<size_t>(internal::ExternalArray::kMaxLength)) {
+ return ThrowException(String::New("Array length exceeds maximum length."));
+  }
+  void* data = calloc(length, element_size);
+  if (data == NULL) {
+    return ThrowException(String::New("Memory allocation failed."));
+  }
   Handle<Object> array = Object::New();
   Persistent<Object> persistent_array = Persistent<Object>::New(array);
   persistent_array.MakeWeak(data, ExternalArrayWeakCallback);
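Review bot: A zero-length request can be reported as an allocation failure here, because `calloc(0, element_size)` is allowed to return NULL and the `data == NULL` check then throws "Memory allocation failed." for what should be a valid empty array. Allocating at least one element, `void* data = calloc(length > 0 ? length : 1, element_size);`, keeps the NULL path for real out-of-memory conditions and still hands a non-NULL pointer to `MakeWeak` and whatever follows. How the rest of the function uses `data` is not visible, since the body continues past the hunk. The same allocation and check appear in the samples/shell.cc hunk.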
=======================================
--- /branches/bleeding_edge/src/d8.h    Wed Jun 29 01:45:22 2011
+++ /branches/bleeding_edge/src/d8.h    Wed Jun 29 03:27:14 2011
@@ -217,7 +217,7 @@
   static Counter* GetCounter(const char* name, bool is_histogram);
   static Handle<Value> CreateExternalArray(const Arguments& args,
                                            ExternalArrayType type,
-                                           int element_size);
+                                           size_t element_size);
static void ExternalArrayWeakCallback(Persistent<Value> object, void* data);
 };
