Reviewers: Jakob,
Description:
Fix API check for length of external arrays.
[email protected]
BUG=chromium:148896
TEST=cctest/test-api/ExternalArrayLimits
Please review this at https://chromiumcodereview.appspot.com/10914257/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/api.cc
M test/cctest/test-api.cc
Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index
e8ab5a7bce22ad1ee7906dc14a7f9fe510327904..bb343b5be805cd5ba666cee1877bc7dd6fc37fc0
100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -3404,7 +3404,7 @@ void
v8::Object::SetIndexedPropertiesToPixelData(uint8_t* data, int length) {
ON_BAILOUT(isolate, "v8::SetElementsToPixelData()", return);
ENTER_V8(isolate);
i::HandleScope scope(isolate);
- if (!ApiCheck(length <= i::ExternalPixelArray::kMaxLength,
+ if (!ApiCheck(length >= 0 && length <= i::ExternalPixelArray::kMaxLength,
"v8::Object::SetIndexedPropertiesToPixelData()",
"length exceeds max acceptable value")) {
return;
@@ -3460,7 +3460,7 @@ void
v8::Object::SetIndexedPropertiesToExternalArrayData(
ON_BAILOUT(isolate, "v8::SetIndexedPropertiesToExternalArrayData()",
return);
ENTER_V8(isolate);
i::HandleScope scope(isolate);
- if (!ApiCheck(length <= i::ExternalArray::kMaxLength,
+ if (!ApiCheck(length >= 0 && length <= i::ExternalArray::kMaxLength,
"v8::Object::SetIndexedPropertiesToExternalArrayData()",
"length exceeds max acceptable value")) {
return;
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
09125e1407c1ae84921005737437dc74f79ddf0d..18025e14a076210b454a8cc4bcc2e7a3dd9d8f47
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -14039,6 +14039,41 @@ THREADED_TEST(ExternalArrayInfo) {
}
+void ExternalArrayLimitTestHelper(v8::ExternalArrayType array_type, int
size) {
+ v8::Handle<v8::Object> obj = v8::Object::New();
+ v8::V8::SetFatalErrorHandler(StoringErrorCallback);
+ last_location = last_message = NULL;
+ obj->SetIndexedPropertiesToExternalArrayData(NULL, array_type, size);
+ CHECK(!obj->HasIndexedPropertiesInExternalArrayData());
+ CHECK_NE(NULL, last_location);
+ CHECK_NE(NULL, last_message);
+}
+
+
+TEST(ExternalArrayLimits) {
+ v8::HandleScope scope;
+ LocalContext context;
+ ExternalArrayLimitTestHelper(v8::kExternalByteArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalByteArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedByteArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedByteArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalShortArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalShortArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedShortArray,
0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedShortArray,
0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalIntArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalIntArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedIntArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalUnsignedIntArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalFloatArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalFloatArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalDoubleArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalDoubleArray, 0xffffffff);
+ ExternalArrayLimitTestHelper(v8::kExternalPixelArray, 0x40000000);
+ ExternalArrayLimitTestHelper(v8::kExternalPixelArray, 0xffffffff);
+}
+
+
THREADED_TEST(ScriptContextDependence) {
v8::HandleScope scope;
LocalContext c1;
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
