diff options
Diffstat (limited to 'deps/v8/src/builtins')
-rw-r--r-- | deps/v8/src/builtins/builtins-string.cc | 7 | ||||
-rw-r--r-- | deps/v8/src/builtins/builtins-typed-array.cc | 19 |
2 files changed, 14 insertions, 12 deletions
diff --git a/deps/v8/src/builtins/builtins-string.cc b/deps/v8/src/builtins/builtins-string.cc index d114a0e86b..43edd628d7 100644 --- a/deps/v8/src/builtins/builtins-string.cc +++ b/deps/v8/src/builtins/builtins-string.cc @@ -448,7 +448,12 @@ BUILTIN(StringRaw) { Object::ToLength(isolate, raw_len)); IncrementalStringBuilder result_builder(isolate); - const uint32_t length = static_cast<uint32_t>(raw_len->Number()); + // Intentional spec violation: we ignore {length} values >= 2^32, because + // assuming non-empty chunks they would generate too-long strings anyway. + const double raw_len_number = raw_len->Number(); + const uint32_t length = raw_len_number > std::numeric_limits<uint32_t>::max() + ? std::numeric_limits<uint32_t>::max() + : static_cast<uint32_t>(raw_len_number); if (length > 0) { Handle<Object> first_element; ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, first_element, diff --git a/deps/v8/src/builtins/builtins-typed-array.cc b/deps/v8/src/builtins/builtins-typed-array.cc index 8c913c301d..ac1b23c8d3 100644 --- a/deps/v8/src/builtins/builtins-typed-array.cc +++ b/deps/v8/src/builtins/builtins-typed-array.cc @@ -27,21 +27,18 @@ BUILTIN(TypedArrayPrototypeBuffer) { namespace { int64_t CapRelativeIndex(Handle<Object> num, int64_t minimum, int64_t maximum) { - int64_t relative; if (V8_LIKELY(num->IsSmi())) { - relative = Smi::ToInt(*num); + int64_t relative = Smi::ToInt(*num); + return relative < 0 ? std::max<int64_t>(relative + maximum, minimum) + : std::min<int64_t>(relative, maximum); } else { DCHECK(num->IsHeapNumber()); - double fp = HeapNumber::cast(*num)->value(); - if (V8_UNLIKELY(!std::isfinite(fp))) { - // +Infinity / -Infinity - DCHECK(!std::isnan(fp)); - return fp < 0 ? minimum : maximum; - } - relative = static_cast<int64_t>(fp); + double relative = HeapNumber::cast(*num)->value(); + DCHECK(!std::isnan(relative)); + return static_cast<int64_t>( + relative < 0 ? std::max<double>(relative + maximum, minimum) + : std::min<double>(relative, maximum)); } - return relative < 0 ? std::max<int64_t>(relative + maximum, minimum) - : std::min<int64_t>(relative, maximum); } } // namespace |