Commit 66865057 authored by Dan Elphick's avatar Dan Elphick Committed by Commit Bot

Fix use of raw object in JSSegmentIterator

Fix JSSegmentIterator::Create getting the unicode string as a raw object
pointer and then performing memory allocation which then invalidates it.
This changes SetTextToBreakIterator to return a handle instead.

Bug: v8:6891
Change-Id: I57e175b31e78a074a0b3c5a8fc26b4af05b4a752
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667409
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: 's avatarSathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62287}
parent 82bc7d1a
...@@ -1659,7 +1659,7 @@ Intl::ResolvedLocale Intl::ResolveLocale( ...@@ -1659,7 +1659,7 @@ Intl::ResolvedLocale Intl::ResolveLocale(
return Intl::ResolvedLocale{canonicalized_locale, icu_locale, extensions}; return Intl::ResolvedLocale{canonicalized_locale, icu_locale, extensions};
} }
Managed<icu::UnicodeString> Intl::SetTextToBreakIterator( Handle<Managed<icu::UnicodeString>> Intl::SetTextToBreakIterator(
Isolate* isolate, Handle<String> text, icu::BreakIterator* break_iterator) { Isolate* isolate, Handle<String> text, icu::BreakIterator* break_iterator) {
text = String::Flatten(isolate, text); text = String::Flatten(isolate, text);
icu::UnicodeString* u_text = icu::UnicodeString* u_text =
...@@ -1669,7 +1669,7 @@ Managed<icu::UnicodeString> Intl::SetTextToBreakIterator( ...@@ -1669,7 +1669,7 @@ Managed<icu::UnicodeString> Intl::SetTextToBreakIterator(
Managed<icu::UnicodeString>::FromRawPtr(isolate, 0, u_text); Managed<icu::UnicodeString>::FromRawPtr(isolate, 0, u_text);
break_iterator->setText(*u_text); break_iterator->setText(*u_text);
return *new_u_text; return new_u_text;
} }
// ecma262 #sec-string.prototype.normalize // ecma262 #sec-string.prototype.normalize
......
...@@ -304,7 +304,7 @@ class Intl { ...@@ -304,7 +304,7 @@ class Intl {
}; };
// Utility function to set text to BreakIterator. // Utility function to set text to BreakIterator.
static Managed<icu::UnicodeString> SetTextToBreakIterator( static Handle<Managed<icu::UnicodeString>> SetTextToBreakIterator(
Isolate* isolate, Handle<String> text, Isolate* isolate, Handle<String> text,
icu::BreakIterator* break_iterator); icu::BreakIterator* break_iterator);
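Review bot: The declaration of `SetTextToBreakIterator` keeps only the comment `// Utility function to set text to BreakIterator.`, which does not say why a handle is returned or what the caller must do with it. In the definition the returned `Managed` wraps the same `icu::UnicodeString` that is passed to `break_iterator->setText(*u_text)`, so the iterator presumably keeps referring to that string and the caller has to store the managed object alongside the iterator, as both call sites in this change do. I would extend the comment to state that contract, for example `// Sets |text| on |break_iterator| and returns a handle to the Managed owning the backing icu::UnicodeString; store it with the iterator and dereference it only where no allocation can follow.`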
......
...@@ -131,9 +131,9 @@ void JSV8BreakIterator::AdoptText( ...@@ -131,9 +131,9 @@ void JSV8BreakIterator::AdoptText(
icu::BreakIterator* break_iterator = icu::BreakIterator* break_iterator =
break_iterator_holder->break_iterator().raw(); break_iterator_holder->break_iterator().raw();
CHECK_NOT_NULL(break_iterator); CHECK_NOT_NULL(break_iterator);
Managed<icu::UnicodeString> unicode_string = Handle<Managed<icu::UnicodeString>> unicode_string =
Intl::SetTextToBreakIterator(isolate, text, break_iterator); Intl::SetTextToBreakIterator(isolate, text, break_iterator);
break_iterator_holder->set_unicode_string(unicode_string); break_iterator_holder->set_unicode_string(*unicode_string);
} }
Handle<String> JSV8BreakIterator::TypeAsString() const { Handle<String> JSV8BreakIterator::TypeAsString() const {
......
...@@ -52,7 +52,7 @@ MaybeHandle<JSSegmentIterator> JSSegmentIterator::Create( ...@@ -52,7 +52,7 @@ MaybeHandle<JSSegmentIterator> JSSegmentIterator::Create(
Handle<Managed<icu::BreakIterator>> managed_break_iterator = Handle<Managed<icu::BreakIterator>> managed_break_iterator =
Managed<icu::BreakIterator>::FromRawPtr(isolate, 0, break_iterator); Managed<icu::BreakIterator>::FromRawPtr(isolate, 0, break_iterator);
Managed<icu::UnicodeString> unicode_string = Handle<Managed<icu::UnicodeString>> unicode_string =
Intl::SetTextToBreakIterator(isolate, text, break_iterator); Intl::SetTextToBreakIterator(isolate, text, break_iterator);
// Now all properties are ready, so we can allocate the result object. // Now all properties are ready, so we can allocate the result object.
...@@ -67,7 +67,7 @@ MaybeHandle<JSSegmentIterator> JSSegmentIterator::Create( ...@@ -67,7 +67,7 @@ MaybeHandle<JSSegmentIterator> JSSegmentIterator::Create(
segment_iterator->set_icu_break_iterator(*managed_break_iterator); segment_iterator->set_icu_break_iterator(*managed_break_iterator);
// 3. Let iterator.[[SegmentIteratorString]] be string. // 3. Let iterator.[[SegmentIteratorString]] be string.
segment_iterator->set_unicode_string(unicode_string); segment_iterator->set_unicode_string(*unicode_string);
// 4. Let iterator.[[SegmentIteratorIndex]] be 0. // 4. Let iterator.[[SegmentIteratorIndex]] be 0.
// step 4 is stored inside break_iterator. // step 4 is stored inside break_iterator.
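Review bot: Nothing in `JSSegmentIterator::Create` guards the block of raw dereferences after the result object is allocated, so a later edit that adds an allocation between `set_icu_break_iterator(*managed_break_iterator)` and `set_unicode_string(*unicode_string)` would not be caught. Declaring `DisallowHeapAllocation no_gc;` just before the first setter would make debug builds assert if that happens. The sections shown contain no regression test; if none exists elsewhere in the change, a segment-iterator test run under GC stress would pin the fix for the stale raw pointer this commit removes. The function body starts and ends outside the visible hunks, so this assumes nothing between the allocation and the setters is meant to allocate.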
......