Commit 9ca022fa authored by qiuyi.zqy's avatar qiuyi.zqy Committed by Commit bot

Return false in TryNumberToSize if the number is 1 << 64.

Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.

BUG=v8:5712

Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
parent d23f8371
...@@ -104,6 +104,7 @@ Patrick Gansterer <paroga@paroga.com> ...@@ -104,6 +104,7 @@ Patrick Gansterer <paroga@paroga.com>
Peter Rybin <peter.rybin@gmail.com> Peter Rybin <peter.rybin@gmail.com>
Peter Varga <pvarga@inf.u-szeged.hu> Peter Varga <pvarga@inf.u-szeged.hu>
Paul Lind <plind44@gmail.com> Paul Lind <plind44@gmail.com>
Qiuyi Zhang <qiuyi.zqy@alibaba-inc.com>
Rafal Krypa <rafal@krypa.net> Rafal Krypa <rafal@krypa.net>
Refael Ackermann <refack@gmail.com> Refael Ackermann <refack@gmail.com>
Rene Rebe <rene@exactcode.de> Rene Rebe <rene@exactcode.de>
......
...@@ -154,7 +154,12 @@ bool TryNumberToSize(Object* number, size_t* result) { ...@@ -154,7 +154,12 @@ bool TryNumberToSize(Object* number, size_t* result) {
} else { } else {
DCHECK(number->IsHeapNumber()); DCHECK(number->IsHeapNumber());
double value = HeapNumber::cast(number)->value(); double value = HeapNumber::cast(number)->value();
if (value >= 0 && value <= std::numeric_limits<size_t>::max()) { // If value is compared directly to the limit, the limit will be
// casted to a double and could end up as limit + 1,
// because a double might not have enough mantissa bits for it.
// So we might as well cast the limit first, and use < instead of <=.
double maxSize = static_cast<double>(std::numeric_limits<size_t>::max());
if (value >= 0 && value < maxSize) {
*result = static_cast<size_t>(value); *result = static_cast<size_t>(value);
return true; return true;
} else { } else {
......
...@@ -444,3 +444,15 @@ TEST(NoHandlesForTryNumberToSize) { ...@@ -444,3 +444,15 @@ TEST(NoHandlesForTryNumberToSize) {
} }
} }
} }
TEST(TryNumberToSizeWithMaxSizePlusOne) {
i::Isolate* isolate = CcTest::i_isolate();
{
HandleScope scope(isolate);
// 1 << 64, larger than the limit of size_t.
double value = 18446744073709551616.0;
size_t result = 0;
Handle<HeapNumber> heap_number = isolate->factory()->NewHeapNumber(value);
CHECK(!TryNumberToSize(*heap_number, &result));
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment