src/json-stringifier.h - Issue 11410031: Fix length check in JSON.stringify.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/json-stringifier.h

Issue 11410031: Fix length check in JSON.stringify. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/json-stringifier.h

diff --git a/src/json-stringifier.h b/src/json-stringifier.h

index 74f38fe99cd3496f9ca69b44491d6a5ea3867c21..cdb724f0a867a37dffc7f55c401b727bdabaa343 100644

--- a/src/json-stringifier.h

+++ b/src/json-stringifier.h

@@ -690,7 +690,6 @@ void BasicJsonStringifier::SerializeStringUnchecked_(const SrcChar* src,

// The <uc16, char> version of this method must not be called.

ASSERT(sizeof(*dest) >= sizeof(*src));

- *(dest++) = '"';

for (int i = 0; i < length; i++) {

SrcChar c = src[i];

if (DoNotEscape(c)) {

@@ -701,7 +700,6 @@ void BasicJsonStringifier::SerializeStringUnchecked_(const SrcChar* src,

}

- *(dest++) = '"';

current_index_ += static_cast<int>(dest - dest_start);

}

@@ -710,12 +708,13 @@ template <bool is_ascii, typename Char>

void BasicJsonStringifier::SerializeString_(Vector<const Char> vector,

Handle<String> string) {

int length = vector.length();

+ Append_<is_ascii, char>('"');

// We make a rough estimate to find out if the current string can be

// serialized without allocating a new string part. The worst case length of

- // an escaped character is 6. Shifting left by 3 is a more pessimistic

- // estimate than multiplying by 6, but faster to calculate.

- static const int kEnclosingQuotesLength = 2;

- if (current_index_ + (length << 3) + kEnclosingQuotesLength < part_length_) {

+ // an escaped character is 6. Shifting the remainin string length right by 3

+ // is a more pessimistic estimate, but faster to calculate.

+ if (((part_length_ - current_index_) >> 3) > length) {

if (is_ascii) {

SerializeStringUnchecked_(

vector.start(),

@@ -728,7 +727,6 @@ void BasicJsonStringifier::SerializeString_(Vector<const Char> vector,

length);

}

} else {

- Append_<is_ascii, char>('"');

String* string_location = *string;

for (int i = 0; i < length; i++) {

Char c = vector[i];

@@ -744,8 +742,9 @@ void BasicJsonStringifier::SerializeString_(Vector<const Char> vector,

string_location = *string;

}

- Append_<is_ascii, char>('"');

}

+ Append_<is_ascii, char>('"');

}

« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-160010.js » ('j') | no next file with comments »