[v8-dev] Fix stack capture on overflow for Error.stackTraceLimit == Infinity (issue 345533002 by [email protected])

Wed, 18 Jun 2014 02:57:08 -0700 

Reviewers: Michael Starzinger,

Description:
Fix stack capture on overflow for Error.stackTraceLimit == Infinity

Bug found by Andrew Paprocki <[email protected]>.

[email protected]
BUG=

Please review this at https://codereview.chromium.org/345533002/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+22, -2 lines):
  M src/isolate.cc
  M test/mjsunit/stack-traces-overflow.js


Index: src/isolate.cc
diff --git a/src/isolate.cc b/src/isolate.cc
index 9ec3c9b2896b4bc294853e6cd82b929d55b51547..ca68e608778222511bd9f9eb9f7457f9e02b68a6 100644 
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -793,8 +793,13 @@ Object* Isolate::StackOverflow() {
                                 stackTraceLimit);
   if (!stack_trace_limit->IsNumber()) return heap()->exception();
   double dlimit = stack_trace_limit->Number();
-  int limit = std::isnan(dlimit) ? 0 : static_cast<int>(dlimit);
-
+  int limit;
+  if (std::isnan(dlimit) || dlimit < 0)
+    limit = 0;
+  else if (dlimit > INT_MAX)
+    limit = INT_MAX;
+  else
+    limit = static_cast<int>(dlimit);
   Handle<JSArray> stack_trace = CaptureSimpleStackTrace(
       exception, factory()->undefined_value(), limit);
   JSObject::SetHiddenProperty(exception,
Index: test/mjsunit/stack-traces-overflow.js
diff --git a/test/mjsunit/stack-traces-overflow.js b/test/mjsunit/stack-traces-overflow.js index 7722e93bd26129f91c2dae44b8294fbb76806c19..1c676802101c57d0f0c4d3a165bd90c1746d55bd 100644 
--- a/test/mjsunit/stack-traces-overflow.js
+++ b/test/mjsunit/stack-traces-overflow.js
@@ -106,6 +106,21 @@ try {
   assertEquals(1, e.stack.split('\n').length);
 }

+// A limit outside the range of integers.
+Error.stackTraceLimit = 1e12;
+try {
+  rec1(0);
+} catch (e) {
+  assertTrue(e.stack.split('\n').length > 100);
+}
+
+Error.stackTraceLimit = Infinity;
+try {
+  rec1(0);
+} catch (e) {
+  assertTrue(e.stack.split('\n').length > 100);
+}
+
 Error.stackTraceLimit = "not a number";
 try {
   rec1(0);


--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to