Revision: 20499
Author: [email protected]
Date: Fri Apr 4 08:28:47 2014 UTC
Log: Version 3.26.6.1 (merged r20491)
MIPS: Check in Lithium that allocation size in Smi range.
[email protected]
BUG=
Review URL: https://codereview.chromium.org/225503002
http://code.google.com/p/v8/source/detail?r=20499
Modified:
/trunk/src/mips/lithium-codegen-mips.cc
/trunk/src/version.cc
=======================================
--- /trunk/src/mips/lithium-codegen-mips.cc Thu Apr 3 07:05:51 2014 UTC
+++ /trunk/src/mips/lithium-codegen-mips.cc Fri Apr 4 08:28:47 2014 UTC
@@ -5371,7 +5371,13 @@
__ push(size);
} else {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- __ Push(Smi::FromInt(size));
+ if (size >= 0 && size <= Smi::kMaxValue) {
+ __ Push(Smi::FromInt(size));
+ } else {
+ // We should never get here at runtime => abort
+ __ stop("invalid allocation size");
+ return;
+ }
}
int flags = AllocateDoubleAlignFlag::encode(
=======================================
--- /trunk/src/version.cc Fri Apr 4 00:04:59 2014 UTC
+++ /trunk/src/version.cc Fri Apr 4 08:28:47 2014 UTC
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 26
#define BUILD_NUMBER 6
-#define PATCH_LEVEL 0
+#define PATCH_LEVEL 1
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
