From fe952d7237b045b2c639c1c8ed99d1b6c074ad07 Mon Sep 17 00:00:00 2001
From: "iposva@chromium.org"
Date: Thu, 10 Dec 2009 18:33:34 +0000
Subject: [PATCH] - Ensure the stack trace limit is not negative.
- Enable fuzzing of the CollectStackTrace runtime call.
Review URL: http://codereview.chromium.org/491005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/runtime.cc | 3 ++-
 test/mjsunit/fuzz-natives.js | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/runtime.cc b/src/runtime.cc
index da4504c..ac61de2 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -7884,7 +7884,8 @@ static Object* Runtime_CollectStackTrace(Arguments args) {
 HandleScope scope;
- int initial_size = limit < 10 ? limit : 10;
+ limit = Max(limit, 0); // Ensure that limit is not negative.
+ int initial_size = Min(limit, 10);
 Handle result = Factory::NewJSArray(initial_size * 3);
 StackFrameIterator iter;
diff --git a/test/mjsunit/fuzz-natives.js b/test/mjsunit/fuzz-natives.js
index f495c72..cd50667 100644
--- a/test/mjsunit/fuzz-natives.js
+++ b/test/mjsunit/fuzz-natives.js
@@ -129,7 +129,6 @@ var knownProblems = {
 "Log": true,
 "DeclareGlobals": true,
- "CollectStackTrace": true,
 "PromoteScheduledException": true,
 "DeleteHandleScopeExtensions": true
 };
-- 
2.7.4
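Review bot: The new `limit = Max(limit, 0);` line closes the path where a negative limit reached `Factory::NewJSArray(initial_size * 3)` with a negative size, but the only coverage the commit adds is taking `CollectStackTrace` off the fuzzer's `knownProblems` list, and a randomised fuzz run is not guaranteed to hit a negative value every time. A direct mjsunit regression test that calls the native with a negative limit under `--allow-natives-syntax` (e.g. `%CollectStackTrace(new Error(), -1)`, assuming the second argument is the limit — the conversion of `args[1]` into `limit` sits above this hunk and is not visible here) would pin the fix in place. Because the clamp rewrites `limit` itself rather than a local copy, every later use of `limit` in the function now sees the clamped value; if that is intended the comment should say so, e.g. `// Clamp in place: a negative limit would give NewJSArray a negative size, and later uses of limit must see the clamped value too.` Runtime_CollectStackTrace begins before and ends after this hunk, so the later uses could not be checked.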