1. 27 Jan, 2020 2 commits
    • Justin Ridgewell's avatar
      Fix two overflow cases in SourceMap VLQ decoding · 615ecdf8
      Justin Ridgewell authored
      These both have to do with extremely large numbers, so it's unlikely to cause a problem in practice. Still, correctness.
      
      First, encoding `-2147483648` in VLQ returns the value `"B"`. When decoding, we get the value `1` after reading the base64. We then check if the first bit is set (it is) to see if we should negate it, then we shift all bits right once. Now, `value` will be `0` and `negate` will be `true`. So, we'd return `-0`. Which is a bug! `-0` isn't `-2147483648`, and we've broken a round trip.
      
      Second, encoding any number with the 31st bit set, we'd return the opposite sign. Let's use `1073741824`. Encoding, we get `"ggggggC"`. When decoding, we get the value `-2147483648` after reading the base64. Notice, it's already negative (the 32nd bit is set, because the 31st was set and we shifted everything left once). We'd then check the first bit (it's not) and shift right. But we used `>>`, which does not shift the sign bit. We actually wanted `>>>`, which will. Because of that bug, we get back `-1073741824` instead of the positive `1073741824`. It's even worse if the 32nd and 31st bits are set, `-1610612736` becomes `536870912` after a round trip.
      
      I recently fixed the same two bugs in Closure Compiler: https://github.com/google/closure-compiler/commit/584418eb
      
      Change-Id: Ib6592ad50ae3764479c1a766bbb19042ee83b99d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018882
      Auto-Submit: Justin Ridgewell <jridgewell@google.com>
      Commit-Queue: Mathias Bynens <mathias@chromium.org>
      Reviewed-by: 's avatarMathias Bynens <mathias@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65987}
      615ecdf8
    • Jakob Gruber's avatar
      [regexp] Correctly escape a backslash-newline sequence · 7d1f95d6
      Jakob Gruber authored
      When printing the source string, a backslash-newline sequence ('\\\n',
      '\\\r', '\\\u2028', '\\\u2029') should be formatted as '\n', '\r',
      '\u2028', '\u2029', respectively. Prior to this CL it was formatted as
      a backslash followed by the literal newline character.
      
      Bug: v8:8615
      Change-Id: Iac90195c56ea1707ea8469066b0cc967ea87fc73
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016583
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65986}
      7d1f95d6
  2. 24 Jan, 2020 23 commits
  3. 23 Jan, 2020 15 commits