- Ensure the stack trace limit is not negative.
authoriposva@chromium.org <iposva@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Thu, 10 Dec 2009 18:33:34 +0000 (18:33 +0000)
committeriposva@chromium.org <iposva@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Thu, 10 Dec 2009 18:33:34 +0000 (18:33 +0000)
- Enable fuzzing of the CollectStackTrace runtime call.

Review URL: http://codereview.chromium.org/491005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/runtime.cc
test/mjsunit/fuzz-natives.js

index da4504c..ac61de2 100644 (file)
@@ -7884,7 +7884,8 @@ static Object* Runtime_CollectStackTrace(Arguments args) {
 
   HandleScope scope;
 
-  int initial_size = limit < 10 ? limit : 10;
+  limit = Max(limit, 0);  // Ensure that limit is not negative.
+  int initial_size = Min(limit, 10);
   Handle<JSArray> result = Factory::NewJSArray(initial_size * 3);
 
   StackFrameIterator iter;
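Review bot: The comment on the added `limit = Max(limit, 0);` line restates what the code does rather than why the clamp is needed; given that the companion test change enables fuzzing this native with arbitrary arguments, the reason is that `limit` is caller-supplied, so something like `// limit is caller-supplied and may be negative; clamp it so it cannot size the result array or drive the frame-collection loop below.` would serve a later reader better. Clamping `limit` in place rather than into a fresh local looks intentional, so that every later use of `limit` in this function sees the clamped value — worth stating in the comment, since a refactor into a new local would silently reintroduce the negative value downstream. Runtime_CollectStackTrace begins before and continues past this hunk, so where `limit` is read from and how it bounds the collection loop cannot be confirmed from here.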
index f495c72..cd50667 100644 (file)
@@ -129,7 +129,6 @@ var knownProblems = {
   "Log": true,
   "DeclareGlobals": true,
 
-  "CollectStackTrace": true,
   "PromoteScheduledException": true,
   "DeleteHandleScopeExtensions": true
 };