The callers to NumberToSize are supposed to validate the number, but
this adds a last line of defense.
TBR=jkummerow@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/
61733021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17737
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
Object* number) {
SealHandleScope shs(isolate);
if (number->IsSmi()) {
- return Smi::cast(number)->value();
+ int value = Smi::cast(number)->value();
+ CHECK_GE(value, 0);
+ ASSERT(
+ static_cast<unsigned>(Smi::kMaxValue)
+ <= std::numeric_limits<size_t>::max());
+ return static_cast<size_t>(value);
} else {
ASSERT(number->IsHeapNumber());
double value = HeapNumber::cast(number)->value();
+ CHECK(value >= 0 &&
+ value <= std::numeric_limits<size_t>::max());
return static_cast<size_t>(value);
}
}