Reviewers: rossberg,

Message:
Committed patchset #1 manually as r20520 (presubmit successful).

Description:
Revert "Compare external pixel data length against Smi::kMaxValue"

This reverts r20519. Reason: wrong fix.

[email protected]

Committed: https://code.google.com/p/v8/source/detail?r=20520

Please review this at https://codereview.chromium.org/226063003/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+6, -2 lines):
  M src/api.cc
  M src/objects.h


Index: src/api.cc
diff --git a/src/api.cc b/src/api.cc
index 6660163a820eaf3f8b98c9ced80179a17484b435..75c67e096af3a7655f150da19ebeaea65a1827de 100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -3741,7 +3741,8 @@ void v8::Object::SetIndexedPropertiesToPixelData(uint8_t* data, int length) {
   ON_BAILOUT(isolate, "v8::SetElementsToPixelData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
+  if (!Utils::ApiCheck(length >= 0 &&
+                       length <= i::ExternalUint8ClampedArray::kMaxLength,
                        "v8::Object::SetIndexedPropertiesToPixelData()",
                        "length exceeds max acceptable value")) {
     return;
@@ -3797,7 +3798,7 @@ void v8::Object::SetIndexedPropertiesToExternalArrayData(
 ON_BAILOUT(isolate, "v8::SetIndexedPropertiesToExternalArrayData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
+ if (!Utils::ApiCheck(length >= 0 && length <= i::ExternalArray::kMaxLength,
                        "v8::Object::SetIndexedPropertiesToExternalArrayData()",
                        "length exceeds max acceptable value")) {
     return;
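Review bot: The check `length <= i::ExternalArray::kMaxLength` limits only the element count, and this entry point presumably serves element types wider than one byte, so the byte size of the buffer (`length` times the element size) can be far larger than the bound suggests. Whether later code computes that product in a 32-bit `int` is not visible in this hunk and should be confirmed. A comment above the check would make the contract explicit, for example `// Bounds the element count only; the byte size (length * element size) is not validated here.` The same check in SetIndexedPropertiesToPixelData is not affected, because its elements are one byte each. The function body starts and ends outside the hunk.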
Index: src/objects.h
diff --git a/src/objects.h b/src/objects.h
index 5eda04b9df4d99752b522ad54619bf4d3824dce9..6788962cf42e99e84a57cc1f60dd15e67376d12b 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -4700,6 +4700,9 @@ class ExternalArray: public FixedArrayBase {
   // Casting.
   static inline ExternalArray* cast(Object* obj);

+  // Maximal acceptable length for an external array.
+  static const int kMaxLength = 0x3fffffff;
+
   // ExternalArray headers are not quadword aligned.
   static const int kExternalPointerOffset =
       POINTER_SIZE_ALIGN(FixedArrayBase::kLengthOffset + kPointerSize);
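Review bot: The comment on `kMaxLength` does not say why `0x3fffffff` is the limit or whether it counts elements or bytes, which matters because this commit makes it the only bound on the embedder-supplied `length` in the two src/api.cc checks. If the length ends up stored as a Smi (not visible here), the constant must stay at or below `Smi::kMaxValue` on every platform, and a `STATIC_ASSERT(kMaxLength <= Smi::kMaxValue);` beside the declaration would keep the two from drifting apart. At minimum the comment could read `// Maximal acceptable length (in elements) for an external array; must fit in a Smi.` once that is confirmed. The class body continues outside the hunk.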

