Throw illegal exception when formatting with invalid template index.

R=arv@chromium.org
BUG=chromium:492526
LOG=N

Review URL: https://codereview.chromium.org/1146923004

Cr-Commit-Position: refs/heads/master@{#28671}

diff --git a/src/messages.cc b/src/messages.cc
index daf6c82..84ce4c3 100644 (file)
--- a/src/messages.cc
+++ b/src/messages.cc
@@ -331,6 +331,7 @@ MaybeHandle<String> MessageTemplate::FormatMessage(int template_index,
                                                    Handle<String> arg0,
                                                    Handle<String> arg1,
                                                    Handle<String> arg2) {
+  Isolate* isolate = arg0->GetIsolate();
   const char* template_string;
   switch (template_index) {
 #define CASE(NAME, STRING)    \
@@ -341,12 +342,10 @@ MaybeHandle<String> MessageTemplate::FormatMessage(int template_index,
 #undef CASE
     case kLastMessage:
     default:
-      UNREACHABLE();
-      template_string = "";
-      break;
+      isolate->ThrowIllegalOperation();
+      return MaybeHandle<String>();
   }
 
-  Isolate* isolate = arg0->GetIsolate();
   IncrementalStringBuilder builder(isolate);
 
   unsigned int i = 0;

diff --git a/test/mjsunit/regress/regress-crbug-492526.js b/test/mjsunit/regress/regress-crbug-492526.js
new file mode 100644 (file)
index 0000000..e8ea298
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-492526.js
@@ -0,0 +1,7 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+assertThrows(function() { %FormatMessageString(-1, "", "", ""); });