From: dslomov@chromium.org Date: Wed, 22 Oct 2014 08:19:05 +0000 (+0000) Subject: Flatten the string in StringToDouble function. X-Git-Tag: upstream/4.7.83~6197 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b664c12235d28d2633abdfe1970f27415de24af7;p=platform%2Fupstream%2Fv8.git Flatten the string in StringToDouble function. R=yangguo@chromium.org BUG=chromium:425551 LOG=N Review URL: https://codereview.chromium.org/654763003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/conversions.cc b/src/conversions.cc
index 8b77623..663f4e8 100644
--- a/src/conversions.cc
+++ b/src/conversions.cc
@@ -483,19 +483,21 @@ char* DoubleToRadixCString(double value, int radix) {
 }
-double StringToDouble(UnicodeCache* unicode_cache,
- String* string,
- int flags,
- double empty_string_val) {
- DisallowHeapAllocation no_gc;
- String::FlatContent flat = string->GetFlatContent();
- // ECMA-262 section 15.1.2.3, empty string is NaN
- if (flat.IsOneByte()) {
- return StringToDouble(
- unicode_cache, flat.ToOneByteVector(), flags, empty_string_val);
- } else {
- return StringToDouble(
- unicode_cache, flat.ToUC16Vector(), flags, empty_string_val);
+double StringToDouble(UnicodeCache* unicode_cache, Handle string,
+ int flags, double empty_string_val) {
+ Handle flattened = String::Flatten(string);
+ {
+ DisallowHeapAllocation no_gc;
+ String::FlatContent flat = flattened->GetFlatContent();
+ DCHECK(flat.IsFlat());
+ // ECMA-262 section 15.1.2.3, empty string is NaN
+ if (flat.IsOneByte()) {
+ return StringToDouble(unicode_cache, flat.ToOneByteVector(), flags,
+ empty_string_val);
+ } else {
+ return StringToDouble(unicode_cache, flat.ToUC16Vector(), flags,
+ empty_string_val);
+ }
 }
 }
diff --git a/src/conversions.h b/src/conversions.h
index 6a28b5f..5afd4e1 100644
--- a/src/conversions.h
+++ b/src/conversions.h
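Review bot: `StringToDouble` can now allocate, because `String::Flatten(string)` runs before the `DisallowHeapAllocation` scope opens, but neither this definition nor the declaration in src/conversions.h says so. A caller that still keeps a raw `String*` or other unhandlified heap pointer live across the call would presumably be left with a stale pointer if flattening triggers a GC, and nothing at the call site would show it. I would put a comment above both the definition and the declaration, for example `// May allocate (flattens |string|); do not hold raw heap pointers across this call.` Separately, `DCHECK(flat.IsFlat())` is compiled out of release builds, so there the `ToOneByteVector()` / `ToUC16Vector()` reads rely entirely on the postcondition of `String::Flatten`.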
@@ -198,10 +198,8 @@ inline uint32_t NumberToUint32(Object* number) {
 }
-double StringToDouble(UnicodeCache* unicode_cache,
- String* string,
- int flags,
- double empty_string_val = 0.0);
+double StringToDouble(UnicodeCache* unicode_cache, Handle string,
+ int flags, double empty_string_val = 0.0);
 inline bool TryNumberToSize(Isolate* isolate,
diff --git a/src/lookup.cc b/src/lookup.cc
index 34fa100..84eb6d4 100644
--- a/src/lookup.cc
+++ b/src/lookup.cc
@@ -314,7 +314,7 @@ bool LookupIterator::IsSpecialNumericIndex() const {
 Handle name_string = Handle::cast(name());
 if (name_string->length() > 0) {
 double d =
- StringToDouble(isolate()->unicode_cache(), *name_string, NO_FLAGS);
+ StringToDouble(isolate()->unicode_cache(), name_string, NO_FLAGS);
 if (!std::isnan(d)) {
 if (String::Equals(isolate()->factory()->minus_zero_string(),
 name_string))
diff --git a/src/runtime/runtime-numbers.cc b/src/runtime/runtime-numbers.cc
index 5e645be..bc0bb36 100644
--- a/src/runtime/runtime-numbers.cc
+++ b/src/runtime/runtime-numbers.cc
@@ -193,7 +193,7 @@ RUNTIME_FUNCTION(Runtime_StringToNumber) {
 }
 return *isolate->factory()->NewNumber(
- StringToDouble(isolate->unicode_cache(), *subject, flags));
+ StringToDouble(isolate->unicode_cache(), subject, flags));
 }
@@ -229,8 +229,7 @@ RUNTIME_FUNCTION(Runtime_StringParseFloat) {
 DCHECK(args.length() == 1);
 CONVERT_ARG_HANDLE_CHECKED(String, subject, 0);
- subject = String::Flatten(subject);
- double value = StringToDouble(isolate->unicode_cache(), *subject,
+ double value = StringToDouble(isolate->unicode_cache(), subject,
 ALLOW_TRAILING_JUNK, base::OS::nan_value());
 return *isolate->factory()->NewNumber(value);
diff --git a/test/mjsunit/regress/regress-425551.js b/test/mjsunit/regress/regress-425551.js
new file mode 100644
index 0000000..eee5e32
--- /dev/null
+++ b/test/mjsunit/regress/regress-425551.js
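Review bot: In `LookupIterator::IsSpecialNumericIndex`, passing `name_string` as a handle means this `const` predicate can now flatten the name and therefore allocate on the property-lookup path. The hunk does not show the callers, so it is worth confirming that none of them reaches this function inside a `DisallowHeapAllocation` scope or with raw object pointers held across it. A short comment at the call, e.g. `// StringToDouble may flatten name_string and allocate.`, would keep that visible to the next reader. The function body starts and ends outside the hunk.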
@@ -0,0 +1,7 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var array = new Int8Array(10);
+array[/\u007d\u00fc\u0043/] = 1.499
+assertEquals(1.499, array[/\u007d\u00fc\u0043/]);
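Review bot: The regression test gives no hint of why a regular-expression key on an `Int8Array` reaches the fixed code, so a later reader cannot tell what it guards against. I would add a comment above the assignment, e.g. `// Regression test for chromium:425551: a non-numeric key on a typed array must behave as an ordinary property.`, with the wording confirmed by the author since the page does not state the failure mode. The assignment line is also missing its terminating semicolon: `array[/\u007d\u00fc\u0043/] = 1.499;`.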