projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5b1636f)
Compare external pixel data length against Smi::kMaxValue
authorjkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 4 Apr 2014 15:25:37 +0000 (15:25 +0000)
committerjkummerow@chromium.org <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 4 Apr 2014 15:25:37 +0000 (15:25 +0000)
BUG=chromium:359802
LOG=n
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/226133002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/api.cc patch | blob | history
src/objects.h patch | blob | history

diff --git a/src/api.cc b/src/api.cc
index 75c67e0..6660163 100644 (file)
--- a/src/api.cc
+++ b/src/api.cc
@@ -3741,8 +3741,7 @@ void v8::Object::SetIndexedPropertiesToPixelData(uint8_t* data, int length) {
   ON_BAILOUT(isolate, "v8::SetElementsToPixelData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 &&
-                       length <= i::ExternalUint8ClampedArray::kMaxLength,
+  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
                        "v8::Object::SetIndexedPropertiesToPixelData()",
                        "length exceeds max acceptable value")) {
     return;
@@ -3798,7 +3797,7 @@ void v8::Object::SetIndexedPropertiesToExternalArrayData(
   ON_BAILOUT(isolate, "v8::SetIndexedPropertiesToExternalArrayData()", return);
   ENTER_V8(isolate);
   i::HandleScope scope(isolate);
-  if (!Utils::ApiCheck(length >= 0 && length <= i::ExternalArray::kMaxLength,
+  if (!Utils::ApiCheck(length >= 0 && length <= i::Smi::kMaxValue,
                        "v8::Object::SetIndexedPropertiesToExternalArrayData()",
                        "length exceeds max acceptable value")) {
     return;
diff --git a/src/objects.h b/src/objects.h
index 6788962..5eda04b 100644 (file)
--- a/src/objects.h
+++ b/src/objects.h
@@ -4700,9 +4700,6 @@ class ExternalArray: public FixedArrayBase {
   // Casting.
   static inline ExternalArray* cast(Object* obj);
 
-  // Maximal acceptable length for an external array.
-  static const int kMaxLength = 0x3fffffff;
-
   // ExternalArray headers are not quadword aligned.
   static const int kExternalPointerOffset =
       POINTER_SIZE_ALIGN(FixedArrayBase::kLengthOffset + kPointerSize);
Domain: Web Framework / Web Engine;