Commit aefa2a21 authored by dslomov@chromium.org

Reland "Harden NumberToSize against overflows."

The callers to NumberToSize are supposed to validate the number, but
this adds a last line of defense.

TBR=jkummerow@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/61733021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent c6705f5e
...@@ -60,10 +60,17 @@ inline size_t NumberToSize(Isolate* isolate, ...@@ -60,10 +60,17 @@ inline size_t NumberToSize(Isolate* isolate,
Object* number) { Object* number) {
SealHandleScope shs(isolate); SealHandleScope shs(isolate);
if (number->IsSmi()) { if (number->IsSmi()) {
return Smi::cast(number)->value(); int value = Smi::cast(number)->value();
CHECK_GE(value, 0);
ASSERT(
static_cast<unsigned>(Smi::kMaxValue)
<= std::numeric_limits<size_t>::max());
return static_cast<size_t>(value);
} else { } else {
ASSERT(number->IsHeapNumber()); ASSERT(number->IsHeapNumber());
double value = HeapNumber::cast(number)->value(); double value = HeapNumber::cast(number)->value();
CHECK(value >= 0 &&
value <= std::numeric_limits<size_t>::max());
return static_cast<size_t>(value); return static_cast<size_t>(value);
} }
} }
......
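Review bot: In the HeapNumber branch, the upper bound in `value <= std::numeric_limits<size_t>::max()` is too permissive where size_t is 64 bits. The limit is converted to double for the comparison, 2^64 - 1 is not representable as a double and rounds up to 2^64, so a value of exactly 2^64 passes the CHECK and the following `static_cast<size_t>(value)` is out of range, which is undefined behaviour. An exclusive bound would close this, for example checking `value < static_cast<double>(std::numeric_limits<size_t>::max()) + 1`, which evaluates to 2^64 on 64-bit targets and 2^32 on 32-bit ones. Separately, the ASSERT in the Smi branch compares two constants, so it could be a compile-time assertion instead of a debug-only runtime one, and the new use of std::numeric_limits needs the limits header to be included if this file does not already get it.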