Reviewers: dcarney_chromium.org,
Description:
Avoid pointer underflow in CopyCharsUnsigned.
[email protected]
BUG=v8:2493
Please review this at https://chromiumcodereview.appspot.com/11961012/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/v8utils.h
M test/cctest/test-api.cc
Index: src/v8utils.h
diff --git a/src/v8utils.h b/src/v8utils.h
index
2064c5ac2c97d9d7759009bc79aade7493a3f746..3a9b776849652f23bca2f74545c901dd0819ac3a
100644
--- a/src/v8utils.h
+++ b/src/v8utils.h
@@ -249,7 +249,8 @@ void CopyCharsUnsigned(sinkchar* dest, const
sourcechar* src, int chars) {
}
// Number of characters in a uintptr_t.
static const int kStepSize = sizeof(uintptr_t) / sizeof(*dest); //
NOLINT
- while (dest <= limit - kStepSize) {
+ ASSERT(dest + kStepSize > dest); // Check for overflow.
+ while (dest + kStepSize <= limit) {
*reinterpret_cast<uintptr_t*>(dest) =
*reinterpret_cast<const uintptr_t*>(src);
dest += kStepSize;
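Review bot: The added `ASSERT(dest + kStepSize > dest)` is unlikely to guard anything: forming a pointer past the end of an object is undefined behaviour, so an optimizing compiler may fold `p + k > p` to true, and ASSERT is compiled out of release builds in any case. The new loop condition `dest + kStepSize <= limit` also still forms a pointer up to `kStepSize - 1` elements beyond `limit` on the final iteration check, which is the same class of out-of-range pointer the commit removes from the `limit - kStepSize` side. Comparing the remaining length avoids forming any out-of-range pointer on either side: `while (limit - dest >= kStepSize) {`, after which the ASSERT line can be dropped; this assumes `limit` is `dest + chars` as the loop structure suggests, but its definition, the function's opening and the rest of the loop body lie outside the hunk.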
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
226d01db62955e0b76d91c14bb89b9fe245a8f30..04664ce2c8e34ee9f346ce250546140a26cf1ed6
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -6203,6 +6203,10 @@ THREADED_TEST(StringWrite) {
CHECK_EQ(0, strcmp("abc", buf));
CHECK_EQ(0, buf[3]);
CHECK_EQ(0, strcmp("def", buf + 4));
+
+ CHECK_EQ(0, str->WriteAscii(NULL, 0, 0, String::NO_NULL_TERMINATION));
+ CHECK_EQ(0, str->WriteUtf8(NULL, 0, 0, String::NO_NULL_TERMINATION));
+ CHECK_EQ(0, str->Write(NULL, 0, 0, String::NO_NULL_TERMINATION));
}
@@ -18127,4 +18131,5 @@ class ThreadInterruptTest {
THREADED_TEST(SemaphoreInterruption) {
ThreadInterruptTest().RunTest();
}
+
#endif // WIN32