Revision: 21902
Author: [email protected]
Date: Fri Jun 20 14:27:55 2014 UTC
Log: Fix stack capture on overflow for Error.stackTraceLimit ==
Infinity
Bug found by Andrew Paprocki <[email protected]>.
[email protected], [email protected]
Review URL: https://codereview.chromium.org/345533002
http://code.google.com/p/v8/source/detail?r=21902
Modified:
/branches/bleeding_edge/src/conversions.h
/branches/bleeding_edge/src/isolate.cc
/branches/bleeding_edge/test/mjsunit/stack-traces-overflow.js
=======================================
--- /branches/bleeding_edge/src/conversions.h Tue Jun 3 08:12:43 2014 UTC
+++ /branches/bleeding_edge/src/conversions.h Fri Jun 20 14:27:55 2014 UTC
@@ -41,7 +41,8 @@
// The fast double-to-(unsigned-)int conversion routine does not guarantee
// rounding towards zero.
-// For NaN and values outside the int range, return INT_MIN or INT_MAX.
+// If x is NaN, the result is INT_MIN. Otherwise the result is the
argument x,
+// clamped to [INT_MIN, INT_MAX] and then rounded to an integer.
inline int FastD2IChecked(double x) {
if (!(x >= INT_MIN)) return INT_MIN; // Negation to catch NaNs.
if (x > INT_MAX) return INT_MAX;
=======================================
--- /branches/bleeding_edge/src/isolate.cc Tue Jun 17 13:54:49 2014 UTC
+++ /branches/bleeding_edge/src/isolate.cc Fri Jun 20 14:27:55 2014 UTC
@@ -792,9 +792,8 @@
JSObject::GetDataProperty(Handle<JSObject>::cast(error),
stackTraceLimit);
if (!stack_trace_limit->IsNumber()) return heap()->exception();
- double dlimit = stack_trace_limit->Number();
- int limit = std::isnan(dlimit) ? 0 : static_cast<int>(dlimit);
-
+ int limit = FastD2IChecked(stack_trace_limit->Number());
+ if (limit < 0) limit = 0;
Handle<JSArray> stack_trace = CaptureSimpleStackTrace(
exception, factory()->undefined_value(), limit);
JSObject::SetHiddenProperty(exception,
=======================================
--- /branches/bleeding_edge/test/mjsunit/stack-traces-overflow.js Mon Nov
12 14:54:29 2012 UTC
+++ /branches/bleeding_edge/test/mjsunit/stack-traces-overflow.js Fri Jun
20 14:27:55 2014 UTC
@@ -105,6 +105,21 @@
} catch (e) {
assertEquals(1, e.stack.split('\n').length);
}
+
+// A limit outside the range of integers.
+Error.stackTraceLimit = 1e12;
+try {
+ rec1(0);
+} catch (e) {
+ assertTrue(e.stack.split('\n').length > 100);
+}
+
+Error.stackTraceLimit = Infinity;
+try {
+ rec1(0);
+} catch (e) {
+ assertTrue(e.stack.split('\n').length > 100);
+}
Error.stackTraceLimit = "not a number";
try {
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
