AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Runtime CHECK for overflow in NewTypedArray.

Browse Source 
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/62713006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17739 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
dslomov@chromium.org 2013-11-14 11:52:24 +00:00
parent aefa2a2161
commit 230d5bf3af
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/api.cc
View File

@ -6132,8 +6132,10 @@ i::Handle<i::JSTypedArray> NewTypedArray(
ASSERT(byte_offset % sizeof(ElementType) == 0);
CHECK(length <= (std::numeric_limits<size_t>::max() / sizeof(ElementType)));
size_t byte_length = length * sizeof(ElementType);
SetupArrayBufferView(
isolate, obj, buffer, byte_offset, length * sizeof(ElementType));
isolate, obj, buffer, byte_offset, byte_length);
i::Handle<i::Object> length_object =
isolate->factory()->NewNumberFromSize(length);