Revision: 13398
Author:   [email protected]
Date:     Wed Jan 16 04:27:38 2013
Log:      Avoid pointer underflow in CopyCharsUnsigned.

[email protected]
BUG=v8:2493

Review URL: https://chromiumcodereview.appspot.com/11961012
http://code.google.com/p/v8/source/detail?r=13398

Modified:
 /branches/bleeding_edge/include/v8.h
 /branches/bleeding_edge/src/v8utils.h
 /branches/bleeding_edge/test/cctest/test-api.cc

=======================================
--- /branches/bleeding_edge/include/v8.h        Wed Jan 16 04:11:43 2013
+++ /branches/bleeding_edge/include/v8.h        Wed Jan 16 04:27:38 2013
@@ -1135,9 +1135,9 @@
                  int options = NO_OPTIONS) const;
   // One byte characters.
   int WriteOneByte(uint8_t* buffer,
-                            int start = 0,
-                            int length = -1,
-                            int options = NO_OPTIONS) const;
+                   int start = 0,
+                   int length = -1,
+                   int options = NO_OPTIONS) const;
   // UTF-8 encoded characters.
   int WriteUtf8(char* buffer,
                 int length = -1,
=======================================
--- /branches/bleeding_edge/src/v8utils.h       Wed Jan  9 02:30:54 2013
+++ /branches/bleeding_edge/src/v8utils.h       Wed Jan 16 04:27:38 2013
@@ -249,7 +249,8 @@
     }
     // Number of characters in a uintptr_t.
static const int kStepSize = sizeof(uintptr_t) / sizeof(*dest); // NOLINT
-    while (dest <= limit - kStepSize) {
+    ASSERT(dest + kStepSize > dest);  // Check for overflow.
+    while (dest + kStepSize <= limit) {
       *reinterpret_cast<uintptr_t*>(dest) =
           *reinterpret_cast<const uintptr_t*>(src);
       dest += kStepSize;
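Review bot: The `ASSERT(dest + kStepSize > dest)` guard gives no protection in release builds if ASSERT compiles out there, and because pointer arithmetic past the end of an object is undefined, the compiler may treat the condition as always true even where it is compiled in. The new loop condition `dest + kStepSize <= limit` still forms a pointer beyond `limit` on the final check, and does so from a NULL `dest` in the case the new test exercises. Comparing the remaining length avoids forming any out-of-range pointer and makes the ASSERT unnecessary: `while (limit - dest >= kStepSize) {`. This assumes `limit` is derived from `dest` plus the character count, which is set up outside the hunk; the enclosing function also starts and ends outside it.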
=======================================
--- /branches/bleeding_edge/test/cctest/test-api.cc     Wed Jan 16 04:11:43 2013
+++ /branches/bleeding_edge/test/cctest/test-api.cc     Wed Jan 16 04:27:38 2013
@@ -6220,6 +6220,10 @@
   CHECK_EQ(0, strcmp("abc", buf));
   CHECK_EQ(0, buf[3]);
   CHECK_EQ(0, strcmp("def", buf + 4));
+
+  CHECK_EQ(0, str->WriteAscii(NULL, 0, 0, String::NO_NULL_TERMINATION));
+  CHECK_EQ(0, str->WriteUtf8(NULL, 0, 0, String::NO_NULL_TERMINATION));
+  CHECK_EQ(0, str->Write(NULL, 0, 0, String::NO_NULL_TERMINATION));
 }
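Review bot: The NULL-buffer checks added at the end of this test cover `WriteAscii`, `WriteUtf8` and `Write` but not `WriteOneByte`, which the v8.h section of this commit declares with the same `start`/`length`/`options` parameters. If it reaches the same copy routine, a matching line `CHECK_EQ(0, str->WriteOneByte(NULL, 0, 0, String::NO_NULL_TERMINATION));` would keep that entry point from regressing. A short comment above the group, e.g. `// Zero-length writes must not touch a NULL buffer (v8:2493).`, would also record why these calls exist. The test function begins outside the hunk.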


@@ -18144,4 +18148,5 @@
 THREADED_TEST(SemaphoreInterruption) {
   ThreadInterruptTest().RunTest();
 }
+
 #endif  // WIN32
