Changed a static cast from static_cast<int> to static_cast<size_t> that previ... (issue3027006)


pme...@google.com

Jul 16, 2010, 7:02:06 PM
to ag...@chromium.org, jsc...@google.com, v8-...@googlegroups.com
Reviewers: Mads Ager, jschuh1,

Description:
Changed a static cast from static_cast<int> to static_cast<size_t> that
previously introduced a signed/unsigned comparison issue in the main
allocator for V8 (MemoryAllocator::AllocateRawMemory) that could be used
to bypass the V8 allocation limitations or trigger integer overflows.

BUG=49215
TEST=allocate a value > 0x7FFFFFFF


Please review this at http://codereview.chromium.org/3027006/show

SVN Base: http://v8.googlecode.com/svn/trunk/

Affected files:
M src/spaces.cc


Index: src/spaces.cc
===================================================================
--- src/spaces.cc (revision 4962)
+++ src/spaces.cc (working copy)
@@ -342,7 +342,7 @@
void* MemoryAllocator::AllocateRawMemory(const size_t requested,
size_t* allocated,
Executability executable) {
- if (size_ + static_cast<int>(requested) > capacity_) return NULL;
+ if (size_ + static_cast<size_t>(requested) > capacity_) return NULL;
void* mem;
if (executable == EXECUTABLE && CodeRange::exists()) {
mem = CodeRange::AllocateRawMemory(requested, allocated);
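Review bot: the new cast is a no-op and the sum can still wrap. `requested` is already declared `const size_t` in the signature above, so `static_cast<size_t>(requested)` changes nothing, and `size_ + requested` remains a plain unsigned addition: a request close to SIZE_MAX makes the sum wrap to a small value and the limit check passes even though the request is far over capacity. Comparing the request against the remaining headroom avoids any addition, e.g. `if (requested > capacity_ - size_) return NULL;` (relying on `size_ <= capacity_` as the invariant), and the redundant cast can then be dropped. The declarations of `size_` and `capacity_` are not in the hunk; if they are signed, a short comment stating that the promotion of `size_` to size_t is intentional would save the next reader from re-deriving why this fixes the signed/unsigned comparison.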
@@ -385,6 +385,7 @@
return NULL;
}

+
// We are sure that we have mapped a block of requested addresses.
ASSERT(initial_chunk_->size() == requested);
LOG(NewEvent("InitialChunk", initial_chunk_->address(), requested));
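Review bot: this hunk only inserts a blank line before the `// We are sure that we have mapped a block of requested addresses.` comment, which is unrelated to the BUG=49215 fix; drop it so the CL stays limited to the limit-check change, or move it to a separate formatting change.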


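The bypass the description refers to, as an added example that is not part of the review or of V8's code: it models the removed and the added limit check side by side and adds a wrap-proof form. The hunk does not show the declarations of `size_` and `capacity_`, so both are assumed to be `int`; the struct, the function names and the sample values are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <climits>
#include <cstdio>

// Hypothetical model of the allocator bookkeeping (assumption: both fields
// are int, as their declarations are not part of the hunk).
struct AllocatorState {
    int size_;      // bytes currently handed out
    int capacity_;  // allocation limit
};

// The removed line. Converting a size_t request >= 0x80000000 to int yields
// a negative value (modular conversion on gcc/clang, guaranteed since C++20),
// so size_ + requested drops far below capacity_ and the limit is bypassed.
// Returns true when the allocation would be refused.
bool limit_check_before_fix(const AllocatorState& a, size_t requested) {
    return a.size_ + static_cast<int>(requested) > a.capacity_;
}

// The added line. size_ is promoted to size_t, so the arithmetic and the
// comparison are unsigned and a 2 GiB request is refused. The remaining gap:
// size_ + requested wraps past SIZE_MAX for a request near SIZE_MAX, the sum
// becomes small, and the check passes again.
bool limit_check_after_fix(const AllocatorState& a, size_t requested) {
    return a.size_ + static_cast<size_t>(requested) > a.capacity_;
}

// Wrap-proof form (a suggestion added here, not from the patch): compare the
// request against the remaining headroom so no addition can overflow, and
// fail closed if the bookkeeping is inconsistent.
bool limit_check_no_wrap(const AllocatorState& a, size_t requested) {
    if (a.size_ < 0 || a.capacity_ < 0 || a.size_ > a.capacity_) return true;
    size_t headroom = static_cast<size_t>(a.capacity_) - static_cast<size_t>(a.size_);
    return requested > headroom;
}

int main() {
    // Constructed sample: 4 KiB in use, 1 GiB limit.
    AllocatorState a{4096, 0x40000000};
    size_t two_gib = static_cast<size_t>(0x80000000ULL);   // > 0x7FFFFFFF, as in TEST=
    size_t wrapping = SIZE_MAX - 4095;                      // size_ + wrapping == 0

    std::printf("2 GiB request: before fix refused=%d, after fix refused=%d\n",
                limit_check_before_fix(a, two_gib), limit_check_after_fix(a, two_gib));
    std::printf("wrapping request: after fix refused=%d, headroom form refused=%d\n",
                limit_check_after_fix(a, wrapping), limit_check_no_wrap(a, wrapping));
    return 0;
}
```

Compiling with -Wsign-compare shows the mixed-sign comparison that the patch is about; the headroom form compiles cleanly because it converts both sides to size_t explicitly before comparing.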
ag...@chromium.org

Jul 19, 2010, 5:52:15 AM
to pme...@google.com, jsc...@google.com, v8-...@googlegroups.com