[regexp] Fix incorrect string length check on arm64.

The maximum length of the chars in bytes was hardcoded and was not updated with the increase in string length on 64-bit platforms. The other platforms don't do this debug check so they don't need updating. Bug: chromium:779407 Change-Id: I94fd946f9e67b39075c1f7eed14a20e9db126a72 Reviewed-on: https://chromium-review.googlesource.com/753584 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#49142}
2017-11-03 15:30:32 +01:00 · 2017-11-03 15:30:32 +01:00 · f155445f37
commit f155445f37
parent 9a3856cd5d
3 changed files with 21 additions and 7 deletions
--- a/src/objects/string.h
+++ b/src/objects/string.h
@ -515,7 +515,8 @@ class SeqOneByteString : public SeqString {
  }

  // Maximal memory usage for a single sequential one-byte string.
-  static const int kMaxSize = OBJECT_POINTER_ALIGN(kMaxLength + kHeaderSize);
+  static const int kMaxCharsSize = kMaxLength;
+  static const int kMaxSize = OBJECT_POINTER_ALIGN(kMaxCharsSize + kHeaderSize);
  STATIC_ASSERT((kMaxSize - kHeaderSize) >= String::kMaxLength);

  class BodyDescriptor;
@ -561,8 +562,8 @@ class SeqTwoByteString : public SeqString {
  }

  // Maximal memory usage for a single sequential two-byte string.
-  static const int kMaxSize =
-      OBJECT_POINTER_ALIGN(kMaxLength * 2 + kHeaderSize);
+  static const int kMaxCharsSize = kMaxLength * 2;
+  static const int kMaxSize = OBJECT_POINTER_ALIGN(kMaxCharsSize + kHeaderSize);
  STATIC_ASSERT(static_cast<int>((kMaxSize - kHeaderSize) / sizeof(uint16_t)) >=
                String::kMaxLength);

--- a/src/regexp/arm64/regexp-macro-assembler-arm64.cc
+++ b/src/regexp/arm64/regexp-macro-assembler-arm64.cc
@ -788,9 +788,9 @@ Handle<HeapObject> RegExpMacroAssemblerARM64::GetCode(Handle<String> source) {
  // Find negative length (offset of start relative to end).
  __ Sub(x10, input_start(), input_end());
  if (masm_->emit_debug_code()) {
-    // Check that the input string length is < 2^30.
+    // Check that the size of the input string chars is in range.
    __ Neg(x11, x10);
-    __ Cmp(x11, (1<<30) - 1);
+    __ Cmp(x11, SeqTwoByteString::kMaxCharsSize);
    __ Check(ls, kInputStringTooLong);
  }
  __ Mov(current_input_offset(), w10);
@ -853,8 +853,8 @@ Handle<HeapObject> RegExpMacroAssemblerARM64::GetCode(Handle<String> source) {
      // Get string length.
      __ Sub(x10, input_end(), input_start());
      if (masm_->emit_debug_code()) {
-        // Check that the input string length is < 2^30.
-        __ Cmp(x10, (1<<30) - 1);
+        // Check that the size of the input string chars is in range.
+        __ Cmp(x10, SeqTwoByteString::kMaxCharsSize);
        __ Check(ls, kInputStringTooLong);
      }
      // input_start has a start_offset offset on entry. We need to include
--- a/test/mjsunit/regress/regress-779407.js
+++ b/test/mjsunit/regress/regress-779407.js
@ -0,0 +1,13 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var s = '\u1234-------';
+for (var i = 0; i < 17; i++) {
+  try {
+    s += s;
+    s += s;
+  } catch (e) {
+  }
+}
+s.replace(/[a]/g);