Index: test/cctest/test-strings.cc |
=================================================================== |
--- test/cctest/test-strings.cc (revision 11348) |
+++ test/cctest/test-strings.cc (working copy) |
@@ -620,3 +620,55 @@ |
CHECK(result.IsEmpty()); |
CHECK(context->HasOutOfMemoryException()); |
} |
+ |
+ |
+static void CheckException(const char* source) { |
+ // An empty handle is returned upon exception. |
+ CHECK(CompileRun(source).IsEmpty()); |
+} |
+ |
+ |
+TEST(RobustSubStringStub) { |
+ // This tests whether the SubStringStub can handle unsafe arguments. |
+ // If not recognized, those unsafe arguments lead to out-of-bounds reads. |
+ FLAG_allow_natives_syntax = true; |
+ InitializeVM(); |
+ HandleScope scope; |
+ v8::Local<v8::Value> result; |
+ Handle<String> string; |
+ CompileRun("var short = 'abcdef';"); |
+ |
+ // Invalid indices. |
+ CheckException("%_SubString(short, 0, 10000);"); |
+ CheckException("%_SubString(short, -1234, 5);"); |
+ CheckException("%_SubString(short, 5, 2);"); |
+ // Special HeapNumbers. |
+ CheckException("%_SubString(short, 1, Infinity);"); |
+ CheckException("%_SubString(short, NaN, 5);"); |
+ // String arguments. |
+ CheckException("%_SubString(short, '2', '5');"); |
+ // Ordinary HeapNumbers can be handled (in runtime). |
+ result = CompileRun("%_SubString(short, Math.sqrt(4), 5.1);"); |
+ string = v8::Utils::OpenHandle(v8::String::Cast(*result)); |
+ CHECK_EQ("cde", *(string->ToCString())); |
+ |
+ CompileRun("var long = 'abcdefghijklmnopqrstuvwxyz';"); |
+ // Invalid indices. |
+ CheckException("%_SubString(long, 0, 10000);"); |
+ CheckException("%_SubString(long, -1234, 17);"); |
+ CheckException("%_SubString(long, 17, 2);"); |
+ // Special HeapNumbers. |
+ CheckException("%_SubString(long, 1, Infinity);"); |
+ CheckException("%_SubString(long, NaN, 17);"); |
+ // String arguments. |
+ CheckException("%_SubString(long, '2', '17');"); |
+ // Ordinary HeapNumbers within bounds can be handled (in runtime). |
+ result = CompileRun("%_SubString(long, Math.sqrt(4), 17.1);"); |
+ string = v8::Utils::OpenHandle(v8::String::Cast(*result)); |
+ CHECK_EQ("cdefghijklmnopq", *(string->ToCString())); |
+ |
+ // Test that out-of-bounds substring of a slice fails when the indices |
+ // would have been valid for the underlying string. |
+ CompileRun("var slice = long.slice(1, 15);"); |
+ CheckException("%_SubString(slice, 0, 17);"); |
+} |