From 2a877bfc95be4c2952ba5a03c5282452036dc33a Mon Sep 17 00:00:00 2001
From: "ager@chromium.org"
Date: Mon, 19 Jul 2010 10:02:11 +0000
Subject: [PATCH] Landing for pmehta. Changed a static cast from static_cast to static_cast that previously introduced a signed/unsigned comparison issue in the main allocator for V8 (MemoryAllocator::AllocateRawMemory) that could be used to bypass the V8 allocation limitations or trigger integer overflows.
Review URL: http://codereview.chromium.org/3027006/show
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/spaces.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/spaces.cc b/src/spaces.cc
index ca4b66a..2bb58b8 100644
--- a/src/spaces.cc
+++ b/src/spaces.cc
@@ -342,7 +342,9 @@ void MemoryAllocator::TearDown() {
 void* MemoryAllocator::AllocateRawMemory(const size_t requested,
 size_t* allocated,
 Executability executable) {
- if (size_ + static_cast(requested) > capacity_) return NULL;
+ if (size_ + static_cast(requested) > static_cast(capacity_)) {
+ return NULL;
+ }
 void* mem;
 if (executable == EXECUTABLE && CodeRange::exists()) {
 mem = CodeRange::AllocateRawMemory(requested, allocated);
--
2.7.4
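Review bot: The new limit check `size_ + static_cast(requested) > static_cast(capacity_)` still adds before it compares, so a `requested` near the maximum of its type can wrap the sum to a small value and pass the check. The cast's target type is not visible on this page, but `requested` is declared `const size_t`, so the sum is presumably unsigned. Comparing the request against the remaining headroom avoids the addition altogether, e.g. `if (requested > static_cast<size_t>(capacity_ - size_)) return NULL;`. That form assumes `size_ <= capacity_` always holds; both declarations are outside the hunk, so this needs confirming. AllocateRawMemory's body continues past the end of the hunk.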