AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fix an early dereference in ReplacementStringBuilder

Browse Source 
This fixes an early handle dereference before a potential allocation
in ReplacementStringBuilder.

Bug: chromium:935101
Change-Id: I03cf2b18b577a38af818dcc42f7c430faba23450
Reviewed-on: https://chromium-review.googlesource.com/c/1485831
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59811}
This commit is contained in:
Jakob Gruber 2019-02-25 10:32:34 +01:00 committed by Commit Bot
parent 6e94676d15
commit 5bba1e46c3
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/string-builder-inl.h
View File

@ -103,7 +103,7 @@ class ReplacementStringBuilder {
} }
private: private:
void AddElement(Object element); void AddElement(Handle<Object> element);
void EnsureCapacity(int elements); void EnsureCapacity(int elements);
Heap* heap_; Heap* heap_;

7
src/string-builder.cc
View File

@ -180,7 +180,7 @@ void ReplacementStringBuilder::EnsureCapacity(int elements) {
void ReplacementStringBuilder::AddString(Handle<String> string) { void ReplacementStringBuilder::AddString(Handle<String> string) {
int length = string->length(); int length = string->length();
DCHECK_GT(length, 0); DCHECK_GT(length, 0);
AddElement(*string); AddElement(string);
if (!string->IsOneByteRepresentation()) { if (!string->IsOneByteRepresentation()) {
is_one_byte_ = false; is_one_byte_ = false;
} }
@ -221,10 +221,11 @@ MaybeHandle<String> ReplacementStringBuilder::ToString() {
return joined_string; return joined_string;
} }
void ReplacementStringBuilder::AddElement(Object element) { void ReplacementStringBuilder::AddElement(Handle<Object> element) {
DCHECK(element->IsSmi() || element->IsString()); DCHECK(element->IsSmi() || element->IsString());
EnsureCapacity(1); EnsureCapacity(1);
array_builder_.Add(element); DisallowHeapAllocation no_gc;
array_builder_.Add(*element);
} }
IncrementalStringBuilder::IncrementalStringBuilder(Isolate* isolate) IncrementalStringBuilder::IncrementalStringBuilder(Isolate* isolate)