Mike Stanton 2222a9d67e [Builtins] Array.prototype.reduce missing length check
In the recent port of reduce() and reduceRight(), a check for a length
change during the loop (standard for iterating builtins) was omitted.

We did get array bounds check protection; however, it didn't expose
the issue in our tests because the bounds check is against the
backing store length, not against the length in the referring JSArray.

Also added a test for reduceRight().

R=jgruber@chromium.org

Bug: chromium:937676
Change-Id: I76e22e0d71965bff84a0822b1df5dc818a00b50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503732
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60033}
2019-03-05 14:58:59 +00:00
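The commit above describes a reduce() loop that kept iterating after the callback changed the array's length. The following is an added illustration, not V8's code: a spec-shaped JavaScript reduce that re-checks the receiver on every step (ECMA-262's HasProperty(O, Pk)) next to a naive loop that trusts the length captured before the loop, driven by a constructed callback that truncates the array mid-iteration. The function names specReduce, naiveReduce and truncatingSum are ours.

```javascript
// Added illustration (not V8 code): ECMA-262 Array.prototype.reduce re-checks
// the receiver each iteration, so a callback that shrinks the array ends early.
function specReduce(O, callback, initialValue) {
  const len = O.length >>> 0;          // length captured once, as in the spec
  let k = 0;
  let accumulator;
  if (arguments.length >= 3) {
    accumulator = initialValue;
  } else {
    // Find the first present element; throw if there is none.
    let found = false;
    while (k < len && !found) {
      if (k in O) { accumulator = O[k]; found = true; }
      k++;
    }
    if (!found) throw new TypeError("Reduce of empty array with no initial value");
  }
  while (k < len) {
    if (k in O) {                      // HasProperty guard: stale indices are skipped
      accumulator = callback(accumulator, O[k], k, O);
    }
    k++;
  }
  return accumulator;
}

// Naive variant: trusts the captured length and never re-checks. In JavaScript
// this only yields undefined for removed slots; in a native builtin the same
// omission becomes a read past the array's current length.
function naiveReduce(O, callback, initialValue) {
  const len = O.length >>> 0;
  let accumulator = initialValue;
  for (let k = 0; k < len; k++) {
    accumulator = callback(accumulator, O[k], k, O);
  }
  return accumulator;
}

// Constructed input: the callback truncates the array on its first call and
// records every value it was handed.
function truncatingSum(impl) {
  const arr = [1, 2, 3, 4];
  const visited = [];
  const result = impl(arr, (acc, v, k, o) => {
    if (k === 0) o.length = 1;         // shrink the array mid-iteration
    visited.push(v);
    return acc + (v === undefined ? 0 : v);
  }, 0);
  return { result, visited };
}
```

Running truncatingSum with the engine's own reduce, i.e. `(O, cb, init) => O.reduce(cb, init)`, should match specReduce: one visit, result 1.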
benchmarks [test] Ensure random generator in JSTests does not use float arithmetic 2018-12-17 10:05:08 +00:00
build_overrides
custom_deps
docs
gni [inspector] Fix js_protocol.pdl build dependency 2019-02-26 23:56:17 +00:00
include [ptr-compr] Prepare for changing kTaggedSize, pt.3 2019-03-04 15:40:02 +00:00
infra [build] Switch off goma on gcc trybots 2019-03-01 13:34:05 +00:00
samples
src [Builtins] Array.prototype.reduce missing length check 2019-03-05 14:58:59 +00:00
test [Builtins] Array.prototype.reduce missing length check 2019-03-05 14:58:59 +00:00
testing
third_party [DevTools] Roll of inspector protocol ... 2019-03-01 02:10:29 +00:00
tools Specify the Python executable on the command line in gm.py 2019-03-05 03:30:30 +00:00
.clang-format
.clang-tidy [tool] Remove unfixed clang-tidy warnings to ease use. 2018-10-26 07:40:32 +00:00
.editorconfig
.git-blame-ignore-revs
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Add .ccls-cache to .gitignore 2019-02-26 10:32:45 +00:00
.gn
.vpython [tools] Correctly identify and report test crashes and infra failures 2018-10-30 15:05:40 +00:00
.ycm_extra_conf.py
AUTHORS [coverage] Extend SourceRangeAstVisitor for throw statements 2019-02-28 10:45:29 +00:00
BUILD.gn Revert "Remove builtin-function-id in SFI" 2019-03-04 19:54:05 +00:00
ChangeLog [release] Merge ChangeLog back to master 2018-12-07 15:41:59 +00:00
CODE_OF_CONDUCT.md
codereview.settings
DEPS Update V8 DEPS. 2019-03-05 03:59:59 +00:00
LICENSE
LICENSE.fdlibm
LICENSE.strongtalk
LICENSE.v8
LICENSE.valgrind
OWNERS Reduce wasm OWNERS to current team members 2018-10-15 14:47:49 +00:00
PRESUBMIT.py Revert "[torque] Temporarily disable torque format check to pass presubmit" 2019-02-20 14:07:17 +00:00
README.md
snapshot_toolchain.gni Reland "Add Windows ARM64 ABI support to V8" 2018-10-24 19:46:36 +00:00
WATCHLISTS Update WATCHLIST wrt yangguo 2018-11-23 08:29:12 +00:00

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.