AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
54,525 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
2222a9d67e
Go to file
Mike Stanton 2222a9d67e [Builtins] Array.prototype.reduce missing length check 
In the recent port of reduce() and reduceRight(), a check for a length
change during the loop (standard for iterating builtins) was omitted.

We did get array bounds check protection, however it didn't expose
the issue in our tests because the bounds check is against the
backing store length, not against the length in the referring JSArray.

Also added a test for reduceRight().

R=jgruber@chromium.org

Bug: chromium:937676
Change-Id: I76e22e0d71965bff84a0822b1df5dc818a00b50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503732
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60033}
2019-03-05 14:58:59 +00:00
benchmarks [test] Ensure random generator in JSTests does not use float arithmetic 2018-12-17 10:05:08 +00:00
build_overrides [ndk] Change android ndk root for v8 2018-01-11 08:10:33 +00:00
custom_deps [build] Add common directory for custom deps 2018-06-08 19:23:02 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni [inspector] Fix js_protocol.pdl build dependency 2019-02-26 23:56:17 +00:00
include [ptr-compr] Prepare for changing kTaggedSize, pt.3 2019-03-04 15:40:02 +00:00
infra [build] Switch off goma on gcc trybots 2019-03-01 13:34:05 +00:00
samples Add a sample that uses the JS API to create wasm 2018-06-07 23:43:38 +00:00
src [Builtins] Array.prototype.reduce missing length check 2019-03-05 14:58:59 +00:00
test [Builtins] Array.prototype.reduce missing length check 2019-03-05 14:58:59 +00:00
testing Remove dummy files created for rolling googletest. 2018-03-27 05:55:56 +00:00
third_party [DevTools] Roll of inspector protocol ... 2019-03-01 02:10:29 +00:00
tools Specify the Python executable on the command line in gm.py 2019-03-05 03:30:30 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.clang-tidy [tool] Remove unfixed clang-tidy warnings to ease use. 2018-10-26 07:40:32 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.git-blame-ignore-revs [build] Add DEPS formatting to hyper-blame 2017-10-09 14:08:45 +00:00
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Add .ccls-cache to .gitignore 2019-02-26 10:32:45 +00:00
.gn [test] Remove obsolete test262 archive extract 2018-03-28 13:52:15 +00:00
.vpython [tools] Correctly identify and report test crashes and infra failures 2018-10-30 15:05:40 +00:00
.ycm_extra_conf.py [ycm] Switch from gnu++11 to gnu++14 2017-11-27 07:48:21 +00:00
AUTHORS [coverage] Extend SourceRangeAstVisitor for throw statements 2019-02-28 10:45:29 +00:00
BUILD.gn Revert "Remove builtin-function-id in SFI" 2019-03-04 19:54:05 +00:00
ChangeLog [release] Merge ChangeLog back to master 2018-12-07 15:41:59 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
DEPS Update V8 DEPS. 2019-03-05 03:59:59 +00:00
LICENSE Add antlr4 runtime library to support Torque 2018-04-10 10:01:01 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
OWNERS Reduce wasm OWNERS to current team members 2018-10-15 14:47:49 +00:00
PRESUBMIT.py Revert "[torque] Temporarily disable torque format check to pass presubmit" 2019-02-20 14:07:17 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Reland "Add Windows ARM64 ABI support to V8" 2018-10-24 19:46:36 +00:00
WATCHLISTS Update WATCHLIST wrt yangguo 2018-11-23 08:29:12 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.