Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(66)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/runtime.cc

Issue 10538012: Correctly check length when allocating string. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: . Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | test/cctest/test-strings.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 2967 matching lines...) Expand 10 before | Expand all | Expand 10 after
2978 String::cast(pattern_regexp->DataAt(JSRegExp::kAtomPatternIndex)); 2978 String::cast(pattern_regexp->DataAt(JSRegExp::kAtomPatternIndex));
2979 int subject_len = subject->length(); 2979 int subject_len = subject->length();
2980 int pattern_len = pattern->length(); 2980 int pattern_len = pattern->length();
2981 int replacement_len = replacement->length(); 2981 int replacement_len = replacement->length();
2982 2982
2983 FindStringIndicesDispatch(isolate, *subject, pattern, &indices, 0xffffffff); 2983 FindStringIndicesDispatch(isolate, *subject, pattern, &indices, 0xffffffff);
2984 2984
2985 int matches = indices.length(); 2985 int matches = indices.length();
2986 if (matches == 0) return *subject; 2986 if (matches == 0) return *subject;
2987 2987
2988 int result_len = (replacement_len - pattern_len) * matches + subject_len; 2988 // Detect integer overflow.
2989 int64_t result_len_64 =
2990 (static_cast<int64_t>(replacement_len) -
2991 static_cast<int64_t>(pattern_len)) *
2992 static_cast<int64_t>(matches) +
2993 static_cast<int64_t>(subject_len);
2994 if (result_len_64 > INT_MAX) return Failure::OutOfMemoryException();
2995 int result_len = static_cast<int>(result_len_64);
2996
2989 int subject_pos = 0; 2997 int subject_pos = 0;
2990 int result_pos = 0; 2998 int result_pos = 0;
2991 2999
2992 Handle<ResultSeqString> result; 3000 Handle<ResultSeqString> result;
2993 if (ResultSeqString::kHasAsciiEncoding) { 3001 if (ResultSeqString::kHasAsciiEncoding) {
2994 result = Handle<ResultSeqString>::cast( 3002 result = Handle<ResultSeqString>::cast(
2995 isolate->factory()->NewRawAsciiString(result_len)); 3003 isolate->factory()->NewRawAsciiString(result_len));
2996 } else { 3004 } else {
2997 result = Handle<ResultSeqString>::cast( 3005 result = Handle<ResultSeqString>::cast(
2998 isolate->factory()->NewRawTwoByteString(result_len)); 3006 isolate->factory()->NewRawTwoByteString(result_len));
(...skipping 10556 matching lines...) Expand 10 before | Expand all | Expand 10 after
13555 // Handle last resort GC and make sure to allow future allocations 13563 // Handle last resort GC and make sure to allow future allocations
13556 // to grow the heap without causing GCs (if possible). 13564 // to grow the heap without causing GCs (if possible).
13557 isolate->counters()->gc_last_resort_from_js()->Increment(); 13565 isolate->counters()->gc_last_resort_from_js()->Increment();
13558 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags, 13566 isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags,
13559 "Runtime::PerformGC"); 13567 "Runtime::PerformGC");
13560 } 13568 }
13561 } 13569 }
13562 13570
13563 13571
13564 } } // namespace v8::internal 13572 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | test/cctest/test-strings.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698