
Commit 888996b

Patched integer overflow in V8's stack limit calculation, possibly fixing GitHub Issue ClearFoundry#111.
1 parent 66e0ed1 commit 888996b

1 file changed

Lines changed: 16 additions & 0 deletions


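--- a/ClearScript/V8/V8/V8Patch.txt
+++ b/ClearScript/V8/V8/V8Patch.txt
@@ -108,6 +108,22 @@ index 4b87d81ea1..c166e09920 100644
 unsigned trace_indentation_ = 0;
 PerIsolateCompilerCache* compiler_cache_;
 ZoneUnorderedMap<FeedbackNexus, ProcessedFeedback, FeedbackNexusHash,
+diff --git a/src/execution.cc b/src/execution.cc
+index 69f9e1e2d7..d37ba55ebf 100644
+--- a/src/execution.cc
++++ b/src/execution.cc
+@@ -590,8 +590,10 @@ bool StackGuard::ThreadLocal::Initialize(Isolate* isolate) {
+bool should_set_stack_limits = false;
+if (real_climit_ == kIllegalLimit) {
+const uintptr_t kLimitSize = FLAG_stack_size * KB;
+- DCHECK_GT(GetCurrentStackPosition(), kLimitSize);
+uintptr_t limit = GetCurrentStackPosition() - kLimitSize;
++ if (GetCurrentStackPosition() < kLimitSize) {
++ limit = 0;
++ }
+real_jslimit_ = SimulatorStack::JsLimitFromCLimit(isolate, limit);
+set_jslimit(SimulatorStack::JsLimitFromCLimit(isolate, limit));
+real_climit_ = limit;
 diff --git a/src/objects.cc b/src/objects.cc
 index 8337b3d4cf..b92280d991 100644
 --- a/src/objects.cc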
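Review bot: The new guard in the nested execution.cc hunk is placed after `uintptr_t limit = GetCurrentStackPosition() - kLimitSize;` has already wrapped, so the subtraction is computed and then discarded, and GetCurrentStackPosition() is evaluated twice for a single decision. Because the operands are uintptr_t the wraparound is well-defined rather than undefined behaviour, but reading the position once and clamping before the subtraction states the intent directly: `const uintptr_t stack_position = GetCurrentStackPosition();` then `uintptr_t limit = stack_position > kLimitSize ? stack_position - kLimitSize : 0;`. Dropping DCHECK_GT also removes the only debug-build signal that FLAG_stack_size exceeds the real stack, so a comment on the clamp such as `// FLAG_stack_size exceeds the available stack; clamp instead of wrapping — a limit of 0 presumably leaves no C-stack guard in this configuration, confirm` would record both why 0 is chosen and what is given up. The enclosing StackGuard::ThreadLocal::Initialize begins and ends outside the hunk.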
