-
Jakob Gruber authored
This is a reland of 164cf80b The reland fixes UB (left-shift of negative integer type) with a static_cast<uint32_t>. Original change's description: > [regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition > > Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the > given packed bits actually fit into 24 bits. > > Bug: chromium:1166138 > Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72064} Tbr: leszeks@chromium.org Bug: chromium:1166138 Change-Id: I514495e14bb99dfc9588fdb4a9f35d67d8d64acb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2626663Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#72088}
ff8d0f92
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
benchmarks | ||
cctest | ||
common | ||
debugger | ||
debugging | ||
fuzzer | ||
fuzzilli | ||
inspector | ||
intl | ||
js-perf-test | ||
memory | ||
message | ||
mjsunit | ||
mkgrokdump | ||
mozilla | ||
test262 | ||
torque | ||
unittests | ||
wasm-api-tests | ||
wasm-js | ||
wasm-spec-tests | ||
webkit | ||
BUILD.gn | ||
OWNERS |