Reviewers: jochen,
Description:
Version 3.26.6.1 (merged r20491)
MIPS: Check in Lithium that allocation size in Smi range.
[email protected]
BUG=
Please review this at https://codereview.chromium.org/225503002/
SVN Base: https://v8.googlecode.com/svn/trunk
Affected files (+8, -2 lines):
M src/mips/lithium-codegen-mips.cc
M src/version.cc
Index: src/mips/lithium-codegen-mips.cc
diff --git a/src/mips/lithium-codegen-mips.cc
b/src/mips/lithium-codegen-mips.cc
index
5c337e8df81cd13d61d701bcb23d40cab11265b4..89620d8702e4969bda23bed7c772b33f4fe664d1
100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -5371,7 +5371,13 @@ void LCodeGen::DoDeferredAllocate(LAllocate* instr) {
__ push(size);
} else {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Push(Smi::FromInt(size));
+ if (size >= 0 && size <= Smi::kMaxValue) {
+ __ Push(Smi::FromInt(size));
+ } else {
+ // We should never get here at runtime => abort
+ __ stop("invalid allocation size");
+ return;
+ }
}
int flags = AllocateDoubleAlignFlag::encode(
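Review bot: The comment in the new else branch (`// We should never get here at runtime => abort`) does not explain why an out-of-range constant is accepted during code generation and only trapped when the code executes, even though `size` is already known at this point. If the intent is that such a constant can only appear on a path that is never taken, the comment should say so, e.g. `// Constant size is negative or above Smi::kMaxValue, so it cannot be tagged as a Smi.` followed by `// Expected only on a dead path: emit a trap instead of the runtime call.` The early `return` also skips everything DoDeferredAllocate emits after this point. The function starts and continues outside the hunk, so please confirm that nothing emitted earlier needs a matching step after the `stop`.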
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
ec016ec63d72c45fac1a636d89d86e355dc5d7b3..8608879ba6d0e50c10a6fc628d079aed57ad998b
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 26
#define BUILD_NUMBER 6
-#define PATCH_LEVEL 0
+#define PATCH_LEVEL 1
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0