Flatten the string in StringToDouble function.

author dslomov@chromium.org <dslomov@chromium.org>

Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)

committer dslomov@chromium.org <dslomov@chromium.org>

Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)
author dslomov@chromium.org <dslomov@chromium.org>
Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)
committer dslomov@chromium.org <dslomov@chromium.org>
Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)
diff --git a/src/conversions.cc b/src/conversions.cc

index 8b77623..663f4e8 100644 (file)
--- a/src/conversions.cc
+++ b/src/conversions.cc
@@ -483,19 +483,21 @@ char* DoubleToRadixCString(double value, int radix) {
  }
  
  
-double StringToDouble(UnicodeCache* unicode_cache,
-                      String* string,
-                      int flags,
-                      double empty_string_val) {
-  DisallowHeapAllocation no_gc;
-  String::FlatContent flat = string->GetFlatContent();
-  // ECMA-262 section 15.1.2.3, empty string is NaN
-  if (flat.IsOneByte()) {
-    return StringToDouble(
-        unicode_cache, flat.ToOneByteVector(), flags, empty_string_val);
-  } else {
-    return StringToDouble(
-        unicode_cache, flat.ToUC16Vector(), flags, empty_string_val);
+double StringToDouble(UnicodeCache* unicode_cache, Handle<String> string,
+                      int flags, double empty_string_val) {
+  Handle<String> flattened = String::Flatten(string);
+  {
+    DisallowHeapAllocation no_gc;
+    String::FlatContent flat = flattened->GetFlatContent();
+    DCHECK(flat.IsFlat());
+    // ECMA-262 section 15.1.2.3, empty string is NaN
+    if (flat.IsOneByte()) {
+      return StringToDouble(unicode_cache, flat.ToOneByteVector(), flags,
+                            empty_string_val);
+    } else {
+      return StringToDouble(unicode_cache, flat.ToUC16Vector(), flags,
+                            empty_string_val);
+    }
    }
  }
  
diff --git a/src/conversions.h b/src/conversions.h

index 6a28b5f..5afd4e1 100644 (file)
--- a/src/conversions.h
+++ b/src/conversions.h
@@ -198,10 +198,8 @@ inline uint32_t NumberToUint32(Object* number) {
  }
  
  
-double StringToDouble(UnicodeCache* unicode_cache,
-                      String* string,
-                      int flags,
-                      double empty_string_val = 0.0);
+double StringToDouble(UnicodeCache* unicode_cache, Handle<String> string,
+                      int flags, double empty_string_val = 0.0);
  
  
  inline bool TryNumberToSize(Isolate* isolate,
diff --git a/src/lookup.cc b/src/lookup.cc

index 34fa100..84eb6d4 100644 (file)
--- a/src/lookup.cc
+++ b/src/lookup.cc
@@ -314,7 +314,7 @@ bool LookupIterator::IsSpecialNumericIndex() const {
      Handle<String> name_string = Handle<String>::cast(name());
      if (name_string->length() > 0) {
        double d =
-          StringToDouble(isolate()->unicode_cache(), *name_string, NO_FLAGS);
+          StringToDouble(isolate()->unicode_cache(), name_string, NO_FLAGS);
        if (!std::isnan(d)) {
          if (String::Equals(isolate()->factory()->minus_zero_string(),
                             name_string))
diff --git a/src/runtime/runtime-numbers.cc b/src/runtime/runtime-numbers.cc

index 5e645be..bc0bb36 100644 (file)
--- a/src/runtime/runtime-numbers.cc
+++ b/src/runtime/runtime-numbers.cc
@@ -193,7 +193,7 @@ RUNTIME_FUNCTION(Runtime_StringToNumber) {
    }
  
    return *isolate->factory()->NewNumber(
-      StringToDouble(isolate->unicode_cache(), *subject, flags));
+      StringToDouble(isolate->unicode_cache(), subject, flags));
  }
  
  
@@ -229,8 +229,7 @@ RUNTIME_FUNCTION(Runtime_StringParseFloat) {
    DCHECK(args.length() == 1);
    CONVERT_ARG_HANDLE_CHECKED(String, subject, 0);
  
-  subject = String::Flatten(subject);
-  double value = StringToDouble(isolate->unicode_cache(), *subject,
+  double value = StringToDouble(isolate->unicode_cache(), subject,
                                  ALLOW_TRAILING_JUNK, base::OS::nan_value());
  
    return *isolate->factory()->NewNumber(value);
diff --git a/test/mjsunit/regress/regress-425551.js b/test/mjsunit/regress/regress-425551.js

new file mode 100644 (file)

index 0000000..eee5e32
--- /dev/null
+++ b/test/mjsunit/regress/regress-425551.js
@@ -0,0 +1,7 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var array = new Int8Array(10);
+array[/\u007d\u00fc\u0043/] = 1.499
+assertEquals(1.499, array[/\u007d\u00fc\u0043/]);
author	dslomov@chromium.org <dslomov@chromium.org>
	Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)
committer	dslomov@chromium.org <dslomov@chromium.org>
	Wed, 22 Oct 2014 08:19:05 +0000 (08:19 +0000)
src/conversions.cc		patch \| blob \| history
src/conversions.h		patch \| blob \| history
src/lookup.cc		patch \| blob \| history
src/runtime/runtime-numbers.cc		patch \| blob \| history
test/mjsunit/regress/regress-425551.js	[new file with mode: 0644]	patch \| blob