Skip to content

Fix push() and unshift() in case result length is larger than UINT_MAX #462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix push() and unshift() in case result length is larger than UINT_MAX #462

wants to merge 1 commit into from

Conversation

dbatyai
Copy link
Member

@dbatyai dbatyai commented Jul 23, 2015

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai.u-szeged@partner.samsung.com

@dbatyai dbatyai added bug Undesired behaviour ecma builtins Related to ECMA built-in routines labels Jul 23, 2015
@dbatyai dbatyai added this to the ECMA builtins milestone Jul 23, 2015
ruben-ayrapetyan
ruben-ayrapetyan reviewed Jul 23, 2015
View reviewed changes
jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.cpp
if (ecma_object_get_class_name (object) == LIT_MAGIC_STRING_ARRAY_UL
&& unlikely (length > (uint32_t)(-1))) /* Check if length greater than UINT_MAX */
{
ret_value = ecma_make_throw_obj_completion_value (ecma_new_standard_error (ECMA_ERROR_RANGE));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dbatyai, the error should be raised in ecma_op_array_object_define_own_property. Is there any case, where it isn't raised?

@dbatyai
Fix Array.prototype.push() and unshift() in case result length is lar…
e647b4c 
…ger than UINT_MAX

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai.u-szeged@partner.samsung.com
@dbatyai dbatyai force-pushed the array_push_max_length branch from 8f8bda2 to e647b4c Compare July 24, 2015 09:08
@dbatyai
Copy link
Member Author

dbatyai commented Jul 24, 2015

@ruben-ayrapetyan, I've updated the patch. The error does get raised correctly in ecma_op_array_object_define_own_property when it should.

ruben-ayrapetyan
ruben-ayrapetyan reviewed Jul 24, 2015
View reviewed changes
jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.cpp
index++, n++)
{
/* 5.a */
ecma_value_t e_value = argument_list_p[index];

/* 5.b */
ecma_string_t *n_str_p = ecma_new_ecma_string_from_uint32 (n);
ecma_string_t *n_str_p = ecma_new_ecma_string_from_number (n);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is better to use ecma_new_ecma_string_from_uint32 instead of ecma_new_ecma_string_from_number, as it reduces memory usage.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't use ecma_new_ecma_string_from_uint32 here, because the index can go above 2^32.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Thanks for explanation.

@dbatyai dbatyai assigned ruben-ayrapetyan and unassigned dbatyai Jul 24, 2015
@ruben-ayrapetyan
Copy link
Contributor

Looks good to me

@galpeter
Copy link
Contributor

Looks good to me.

@galpeter
Copy link
Contributor

Landed: fec5933

@galpeter galpeter closed this Jul 24, 2015
@dbatyai dbatyai deleted the array_push_max_length branch July 31, 2015 10:57
@zherczeg zherczeg mentioned this pull request Jul 20, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Undesired behaviour ecma builtins Related to ECMA built-in routines
Projects
None yet
Milestone
ECMA builtins
Development

Successfully merging this pull request may close these issues.
3 participants
@dbatyai @ruben-ayrapetyan @galpeter