Skip to content

V
V8
Commit 095f56ab authored by Marja Hölttä's avatar Marja Hölttä Committed by V8 LUCI CQ
Browse files
Options

[rab/gsab, mips] Fix length checks on MIPS 

Bug: v8:11111
Change-Id: I9bd8db01232d147e309711837e69177a84600787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616501
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80293}
parent d821a6a3
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 5 deletions
src/runtime/runtime-atomics.cc
View file @ 095f56ab
...@@ -415,7 +415,7 @@ Object GetModifySetValueInBuffer(RuntimeArguments args, Isolate* isolate, ...@@ -415,7 +415,7 @@ Object GetModifySetValueInBuffer(RuntimeArguments args, Isolate* isolate,
THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS(isolate, sta, index, THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS(isolate, sta, index,
method_name); method_name);
CHECK_LT(index, sta->length()); CHECK_LT(index, sta->GetLength());
if (sta->type() == kExternalBigInt64Array) { if (sta->type() == kExternalBigInt64Array) {
return Op<int64_t>::Do(isolate, source, index, bigint); return Op<int64_t>::Do(isolate, source, index, bigint);
} }
...@@ -430,7 +430,7 @@ Object GetModifySetValueInBuffer(RuntimeArguments args, Isolate* isolate, ...@@ -430,7 +430,7 @@ Object GetModifySetValueInBuffer(RuntimeArguments args, Isolate* isolate,
THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS(isolate, sta, index, THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS(isolate, sta, index,
method_name); method_name);
CHECK_LT(index, sta->length()); CHECK_LT(index, sta->GetLength());
switch (sta->type()) { switch (sta->type()) {
#define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype) \ #define TYPED_ARRAY_CASE(Type, typeName, TYPE, ctype) \
...@@ -459,7 +459,7 @@ RUNTIME_FUNCTION(Runtime_AtomicsLoad64) { ...@@ -459,7 +459,7 @@ RUNTIME_FUNCTION(Runtime_AtomicsLoad64) {
DCHECK(sta->type() == kExternalBigInt64Array || DCHECK(sta->type() == kExternalBigInt64Array ||
sta->type() == kExternalBigUint64Array); sta->type() == kExternalBigUint64Array);
DCHECK(!sta->IsDetachedOrOutOfBounds()); DCHECK(!sta->IsDetachedOrOutOfBounds());
CHECK_LT(index, sta->length()); CHECK_LT(index, sta->GetLength());
if (sta->type() == kExternalBigInt64Array) { if (sta->type() == kExternalBigInt64Array) {
return Load<int64_t>::Do(isolate, source, index); return Load<int64_t>::Do(isolate, source, index);
} }
...@@ -507,7 +507,6 @@ RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) { ...@@ -507,7 +507,6 @@ RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) {
size_t index = NumberToSize(args[1]); size_t index = NumberToSize(args[1]);
Handle<Object> old_value_obj = args.at(2); Handle<Object> old_value_obj = args.at(2);
Handle<Object> new_value_obj = args.at(3); Handle<Object> new_value_obj = args.at(3);
CHECK_LT(index, sta->length());
uint8_t* source = static_cast<uint8_t*>(sta->GetBuffer()->backing_store()) + uint8_t* source = static_cast<uint8_t*>(sta->GetBuffer()->backing_store()) +
sta->byte_offset(); sta->byte_offset();
...@@ -523,7 +522,7 @@ RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) { ...@@ -523,7 +522,7 @@ RUNTIME_FUNCTION(Runtime_AtomicsCompareExchange) {
THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS( THROW_ERROR_RETURN_FAILURE_ON_DETACHED_OR_OUT_OF_BOUNDS(
isolate, sta, index, "Atomics.compareExchange"); isolate, sta, index, "Atomics.compareExchange");
CHECK_LT(index, sta->length()); CHECK_LT(index, sta->GetLength());
if (sta->type() == kExternalBigInt64Array) { if (sta->type() == kExternalBigInt64Array) {
return DoCompareExchange<int64_t>(isolate, source, index, old_bigint, return DoCompareExchange<int64_t>(isolate, source, index, old_bigint,
new_bigint); new_bigint);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment