Reviewers: Michael Starzinger,
Description:
Prevent segfault on undefined inline runtime call.
[email protected]
BUG=v8:2286
Please review this at https://chromiumcodereview.appspot.com/10828282/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/parser.cc
A + test/mjsunit/regress-2286.js
Index: src/parser.cc
diff --git a/src/parser.cc b/src/parser.cc
index
b1e2a7c78aa7aa45e8b42baf325e202280e6ab62..cc27d098271d997f40b981ce59d6a8b79f7426ab
100644
--- a/src/parser.cc
+++ b/src/parser.cc
@@ -4804,6 +4804,13 @@ Expression* Parser::ParseV8Intrinsic(bool* ok) {
return NULL;
}
+ // Check that the function is defined if it's a inline runtime call.
+ if (function == NULL && name->Get(0) == '_') {
+ ReportMessage("not_defined", Vector<Handle<String> >(&name, 1));
+ *ok = false;
+ return NULL;
+ }
+
// We have a valid intrinsics call or a call to a builtin.
return factory()->NewCallRuntime(name, function, args);
}
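Review bot: The added guard rejects a NULL `function` only when `name` starts with '_', so a NULL `function` still reaches `factory()->NewCallRuntime(name, function, args)` for any other undefined name, and the comment above that call ("We have a valid intrinsics call or a call to a builtin") does not say so. Since the crash being fixed came from an unresolved function, I would make the remaining NULL case explicit, for example `// function may be NULL here: a non-inline name is presumably resolved as a JS builtin at runtime.`; the `%f()` case in the regression test expecting a TypeError is consistent with that, but the consumers of the call node are outside this hunk and should be confirmed to tolerate NULL. The guard also reads `name->Get(0)` without a length check, which relies on the identifier parsed earlier in ParseV8Intrinsic (its body starts outside the hunk) never being empty. Minor: "a inline" in the new comment should read "an inline".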
Index: test/mjsunit/regress-2286.js
diff --git a/test/mjsunit/regress/regress-1898.js
b/test/mjsunit/regress-2286.js
similarity index 93%
copy from test/mjsunit/regress/regress-1898.js
copy to test/mjsunit/regress-2286.js
index
5440446fbf78ca593e8748cd54ea2aefad047542..c970eb966808df4d6d6cbafe372a0c7b9bd72015
100644
--- a/test/mjsunit/regress/regress-1898.js
+++ b/test/mjsunit/regress-2286.js
@@ -27,11 +27,7 @@
// Flags: --allow-natives-syntax
-function f(x) {
- Math.log(Math.min(0.1, Math.abs(x)));
-}
+assertThrows("f()", ReferenceError);
+assertThrows("%f()", TypeError);
+assertThrows("%_f()", SyntaxError);
-f(0.1);
-f(0.1);
-%OptimizeFunctionOnNextCall(f);
-f(0.1);
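Review bot: The new test is created as `test/mjsunit/regress-2286.js`, while the file it is copied from lives in `test/mjsunit/regress/`; if that directory is where regression tests are kept, this one probably belongs at `test/mjsunit/regress/regress-2286.js`. The three assertions would also benefit from a short comment saying which one covers the crash, e.g. `// %_f() names an undefined inline runtime function and must be rejected at parse time (v8:2286).` above the last one. Because the file is a 93% copy, the header above line 27 is outside this hunk and could not be checked here.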