AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Justin Ridgewell	615ecdf8c9	Fix two overflow cases in SourceMap VLQ decoding These both have to do with extremely large numbers, so it's unlikely to cause a problem in practice. Still, correctness. First, encoding `-2147483648` in VLQ returns the value `"B"`. When decoding, we get the value `1` after reading the base64. We then check if the first bit is set (it is) to see if we should negate it, then we shift all bits right once. Now, `value` will be `0` and `negate` will be `true`. So, we'd return `-0`. Which is a bug! `-0` isn't `-2147483648`, and we've broken a round trip. Second, encoding any number with the 31st bit set, we'd return the opposite sign. Let's use `1073741824`. Encoding, we get `"ggggggC"`. When decoding, we get the value `-2147483648` after reading the base64. Notice, it's already negative (the 32nd bit is set, because the 31st was set and we shifted everything left once). We'd then check the first bit (it's not) and shift right. But we used `>>`, which does not shift the sign bit. We actually wanted `>>>`, which will. Because of that bug, we get back `-1073741824` instead of the positive `1073741824`. It's even worse if the 32nd and 31st bits are set, `-1610612736` becomes `536870912` after a round trip. I recently fixed the same two bugs in Closure Compiler: https://github.com/google/closure-compiler/commit/584418eb Change-Id: Ib6592ad50ae3764479c1a766bbb19042ee83b99d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018882 Auto-Submit: Justin Ridgewell <jridgewell@google.com> Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#65987}	2020-01-27 09:05:25 +00:00
jkummerow@chromium.org	43bf8f9754	Add source map support to tick processor. Added a console parameter for source map to the tick processor. The tickprocesspor reads in the source maps and uses it to output the original filename, line number and column in the profile. Modified d8 to output column numbers into the log, since this is needed to do source mapping. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/22897021 Patch from Daniel Kurka <dankurka@google.com>. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00	2013-08-23 17:20:54 +00:00

Author

SHA1

Message

Date

Justin Ridgewell

615ecdf8c9

Fix two overflow cases in SourceMap VLQ decoding

These both have to do with extremely large numbers, so it's unlikely to cause a problem in practice. Still, correctness.

First, encoding `-2147483648` in VLQ returns the value `"B"`. When decoding, we get the value `1` after reading the base64. We then check if the first bit is set (it is) to see if we should negate it, then we shift all bits right once. Now, `value` will be `0` and `negate` will be `true`. So, we'd return `-0`. Which is a bug! `-0` isn't `-2147483648`, and we've broken a round trip.

Second, encoding any number with the 31st bit set, we'd return the opposite sign. Let's use `1073741824`. Encoding, we get `"ggggggC"`. When decoding, we get the value `-2147483648` after reading the base64. Notice, it's already negative (the 32nd bit is set, because the 31st was set and we shifted everything left once). We'd then check the first bit (it's not) and shift right. But we used `>>`, which does not shift the sign bit. We actually wanted `>>>`, which will. Because of that bug, we get back `-1073741824` instead of the positive `1073741824`. It's even worse if the 32nd and 31st bits are set, `-1610612736` becomes `536870912` after a round trip.

I recently fixed the same two bugs in Closure Compiler: https://github.com/google/closure-compiler/commit/584418eb

Change-Id: Ib6592ad50ae3764479c1a766bbb19042ee83b99d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018882
Auto-Submit: Justin Ridgewell <jridgewell@google.com>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65987}

2020-01-27 09:05:25 +00:00

jkummerow@chromium.org

43bf8f9754

Add source map support to tick processor.

Added a console parameter for source map to the tick processor.
The tickprocesspor reads in the source maps and uses it to output the original filename, line number and column in the profile.
Modified d8 to output column numbers into the log, since this is needed to do source mapping.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22897021

Patch from Daniel Kurka <dankurka@google.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

2013-08-23 17:20:54 +00:00

2 Commits