Revision: 21262
Author: [email protected]
Date: Mon May 12 11:36:47 2014 UTC
Log: Guard against stack overflow in
Runtime::StringReplaceOneCharWithString.
Unfortunately, this only triggers with "ulimit -s 1024" (or less), so we
cannot have an mjsunit test. The test that fails is
test/mjsunit/string-replace-one-char.js on x64.debug.
[email protected]
BUG=
Review URL: https://codereview.chromium.org/264383006
http://code.google.com/p/v8/source/detail?r=21262
Modified:
/branches/bleeding_edge/src/runtime.cc
=======================================
--- /branches/bleeding_edge/src/runtime.cc Mon May 12 09:37:26 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc Mon May 12 11:36:47 2014 UTC
@@ -4295,7 +4295,10 @@
Handle<String> replace,
bool* found,
int recursion_limit) {
- if (recursion_limit == 0) return MaybeHandle<String>();
+ StackLimitCheck stackLimitCheck(isolate);
+ if (stackLimitCheck.HasOverflowed() || (recursion_limit == 0)) {
+ return MaybeHandle<String>();
+ }
recursion_limit--;
if (subject->IsConsString()) {
ConsString* cons = ConsString::cast(*subject);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
