Revision: 17739
Author: [email protected]
Date: Thu Nov 14 11:52:24 2013 UTC
Log: Runtime CHECK for overflow in NewTypedArray.
[email protected]
Review URL: https://codereview.chromium.org/62713006
http://code.google.com/p/v8/source/detail?r=17739
Modified:
/branches/bleeding_edge/src/api.cc
=======================================
--- /branches/bleeding_edge/src/api.cc Wed Nov 13 14:05:06 2013 UTC
+++ /branches/bleeding_edge/src/api.cc Thu Nov 14 11:52:24 2013 UTC
@@ -6132,8 +6132,10 @@
ASSERT(byte_offset % sizeof(ElementType) == 0);
+ CHECK(length <= (std::numeric_limits<size_t>::max() /
sizeof(ElementType)));
+ size_t byte_length = length * sizeof(ElementType);
SetupArrayBufferView(
- isolate, obj, buffer, byte_offset, length * sizeof(ElementType));
+ isolate, obj, buffer, byte_offset, byte_length);
i::Handle<i::Object> length_object =
isolate->factory()->NewNumberFromSize(length);
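Review bot: The added CHECK guards only the multiplication `length * sizeof(ElementType)`; nothing visible in this hunk verifies that `byte_offset + byte_length` stays within the backing buffer, or that the sum itself does not wrap, before `SetupArrayBufferView` is called. If callers pass embedder-supplied offsets and lengths, a release-mode guard such as `CHECK(byte_offset <= std::numeric_limits<size_t>::max() - byte_length);` followed by a comparison of the sum against the buffer's byte length would close that gap. The alignment precondition on the first line is still a debug-only `ASSERT`, so release builds enforce the new overflow check but not the alignment one; consider making it a `CHECK` as well. The function body starts and ends outside the hunk, so such checks may already exist elsewhere, and it is also worth confirming that `<limits>` is included for `std::numeric_limits`.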