Skip to content

V
V8
Commit 5bba1e46 authored by Jakob Gruber's avatar Jakob Gruber Committed by Commit Bot
Browse files
Options

Fix an early dereference in ReplacementStringBuilder 

This fixes an early handle dereference before a potential allocation
in ReplacementStringBuilder.

Bug: chromium:935101
Change-Id: I03cf2b18b577a38af818dcc42f7c430faba23450
Reviewed-on: https://chromium-review.googlesource.com/c/1485831Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59811}
parent 6e94676d
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 4 deletions
src/string-builder-inl.h
View file @ 5bba1e46
......@@ -103,7 +103,7 @@ class ReplacementStringBuilder {
}
private:
void AddElement(Object element);
void AddElement(Handle<Object> element);
void EnsureCapacity(int elements);
Heap* heap_;
......
src/string-builder.cc
View file @ 5bba1e46
......@@ -180,7 +180,7 @@ void ReplacementStringBuilder::EnsureCapacity(int elements) {
void ReplacementStringBuilder::AddString(Handle<String> string) {
int length = string->length();
DCHECK_GT(length, 0);
AddElement(*string);
AddElement(string);
if (!string->IsOneByteRepresentation()) {
is_one_byte_ = false;
}
......@@ -221,10 +221,11 @@ MaybeHandle<String> ReplacementStringBuilder::ToString() {
return joined_string;
}
void ReplacementStringBuilder::AddElement(Object element) {
void ReplacementStringBuilder::AddElement(Handle<Object> element) {
DCHECK(element->IsSmi() || element->IsString());
EnsureCapacity(1);
array_builder_.Add(element);
DisallowHeapAllocation no_gc;
array_builder_.Add(*element);
}
IncrementalStringBuilder::IncrementalStringBuilder(Isolate* isolate)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment