From 0055dd133d108f5f02f9cfec1253cbcf7862c213 Mon Sep 17 00:00:00 2001
From: Ryan Dahl
Date: Thu, 3 Jun 2010 18:50:44 -0700
Subject: [PATCH] Apply fix for V8 bug 728
---
 deps/v8/src/objects-inl.h | 3 +-
 deps/v8/test/cctest/test-strings.cc | 48 +++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/deps/v8/src/objects-inl.h b/deps/v8/src/objects-inl.h
index c10c930d31..fe33e7ef51 100644
--- a/deps/v8/src/objects-inl.h
+++ b/deps/v8/src/objects-inl.h
@@ -2986,7 +2986,8 @@ StringHasher::StringHasher(int length)
 : length_(length),
 raw_running_hash_(0),
 array_index_(0),
- is_array_index_(0 < length_ && length_ <= String::kMaxArrayIndexSize),
+ is_array_index_(0 < length_ &&
+ length_ <= String::kMaxCachedArrayIndexLength),
 is_first_char_(true),
 is_valid_(true) { }
diff --git a/deps/v8/test/cctest/test-strings.cc b/deps/v8/test/cctest/test-strings.cc
index 0e30092dbb..677b39d57d 100644
--- a/deps/v8/test/cctest/test-strings.cc
+++ b/deps/v8/test/cctest/test-strings.cc
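Review bot: The narrowed bound on `is_array_index_` carries no comment saying why the cached-index constant is the right one, so the invariant behind this fix is easy to undo in a later cleanup. I would add above the initializer something like `// Only index strings short enough for their value to fit in the hash field may be tagged here.` Strings longer than `kMaxCachedArrayIndexLength` but still within `kMaxArrayIndexSize` are now never tagged by the hasher, so presumably they must still be recognised as indices on an uncached path; that code is outside this hunk and worth confirming. The constructor's signature is only visible in the hunk header.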
@@ -433,3 +433,51 @@ TEST(ExternalShortStringAdd) {
 CHECK_EQ(0,
 v8::Script::Compile(v8::String::New(source))->Run()->Int32Value());
 }
+
+
+TEST(CachedHashOverflow) {
+ // We incorrectly allowed strings to be tagged as array indices even if their
+ // values didn't fit in the hash field.
+ // See http://code.google.com/p/v8/issues/detail?id=728
+ ZoneScope zone(DELETE_ON_EXIT);
+
+ InitializeVM();
+ v8::HandleScope handle_scope;
+ // Lines must be executed sequentially. Combining them into one script
+ // makes the bug go away.
+ const char* lines[] = {
+ "var x = [];",
+ "x[4] = 42;",
+ "var s = \"1073741828\";",
+ "x[s];",
+ "x[s] = 37;",
+ "x[4];",
+ "x[s];",
+ NULL
+ };
+
+ Handle fortytwo(Smi::FromInt(42));
+ Handle thirtyseven(Smi::FromInt(37));
+ Handle results[] = {
+ Factory::undefined_value(),
+ fortytwo,
+ Factory::undefined_value(),
+ Factory::undefined_value(),
+ thirtyseven,
+ fortytwo,
+ thirtyseven // Bug yielded 42 here.
+ };
+
+ const char* line;
+ for (int i = 0; (line = lines[i]); i++) {
+ printf("%s\n", line);
+ v8::Local result =
+ v8::Script::Compile(v8::String::New(line))->Run();
+ ASSERT_EQ(results[i]->IsUndefined(), result->IsUndefined());
+ ASSERT_EQ(results[i]->IsNumber(), result->IsNumber());
+ if (result->IsNumber()) {
+ ASSERT_EQ(Smi::cast(results[i]->ToSmi())->value(),
+ result->ToInt32()->Value());
+ }
+ }
+}
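Review bot: The checks in the loop use `ASSERT_EQ`, while the neighbouring test uses `CHECK_EQ`; if `ASSERT_EQ` is the debug-only macro, as V8's ASSERT family usually is, this regression test verifies nothing in a release build. I would switch the three comparisons to `CHECK_EQ(...)` and add `CHECK(!result.IsEmpty());` before the first use of `result`, since a compile error or exception in any line would otherwise dereference an empty handle instead of failing cleanly. `results[]` is also indexed by the NULL sentinel of `lines[]`, so a line added without a matching result reads past the array; a length check on the two arrays would catch that.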