Fix natives fuzzing: Let the StringIndexOf runtime function

deal with start indexes that are out of range.
Review URL: http://codereview.chromium.org/8762

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/runtime.cc b/src/runtime.cc
index a38d16417280302b9dbe19f9f10c919b3e64c917..82f2968f3c83ab767a58e1ab60f3c5a20e4022af 100644 (file)
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1401,6 +1401,7 @@ static Object* Runtime_StringIndexOf(Arguments args) {
   uint32_t start_index;
   if (!Array::IndexFromObject(index, &start_index)) return Smi::FromInt(-1);
 
+  RUNTIME_ASSERT(start_index <= static_cast<uint32_t>(sub->length()));
   int position = Runtime::StringMatch(sub, pat, start_index);
   return Smi::FromInt(position);
 }

diff --git a/test/mjsunit/fuzz-natives.js b/test/mjsunit/fuzz-natives.js
index 315270c6e1cf12abb2de1a4c0e47e7bde96cc971..044266e3b05d6765a4ac0caa2fcaacccb7ff9f64 100644 (file)
--- a/test/mjsunit/fuzz-natives.js
+++ b/test/mjsunit/fuzz-natives.js
@@ -106,6 +106,11 @@ var knownProblems = {
   "SetScriptBreakPoint": true,
   "ChangeBreakOnException": true,
   "PrepareStep": true,
+
+  // Calling disable/enable access checks may interfere with the
+  // the rest of the tests.
+  "DisableAccessChecks": true,
+  "EnableAccessChecks": true,
   
   // These functions should not be callable as runtime functions.
   "NewContext": true,