commit | b199bcdd47ae97ec116b430e34ab42001c8f04c0 | |
---|---|---|
author | fedor <fedor@indutny.com> | Mon Jul 06 11:00:05 2015 |
committer | Commit bot <commit-bot@chromium.org> | Mon Jul 06 11:00:12 2015 |
tree | 394a77598a63530328b7347ee50797f1132fc45b | |
parent | 9599bad42004003a67de974495e8b933190ec624 | |
unicode-decoder: fix out-of-band write in utf16

`WriteUtf16Slow` should not assume that the output buffer has enough bytes to hold both words of a surrogate pair. It should pass the number of remaining bytes to `Utf8::ValueOf` instead, just as we already do in `Utf8DecoderBase::Reset`. Otherwise it will attempt to write the trail uint16_t past the buffer boundary, leading to memory corruption and a possible crash.

Originally reported by: Kris Reeves <kris.re@bbhmedia.com>

BUG=v8:4274
R=danno
R=svenpanne
LOG=y

Review URL: https://codereview.chromium.org/1226493003

Cr-Commit-Position: refs/heads/master@{#29485}
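The bounds discipline the commit message describes, as an added example that is not V8's code: a minimal UTF-8 to UTF-16 transcoder that checks the remaining output capacity for both halves of a surrogate pair before writing either half, instead of assuming one free unit is enough. The function names (`decode_utf8`, `utf8_to_utf16`, `decode_sample`) and the sample input are constructed for this illustration; the decoder does not reject overlong forms.

```c
#include <stddef.h>
#include <stdint.h>
#define CONT(b) (((b) & 0xC0) == 0x80)
/* Decode one UTF-8 sequence from s (n bytes left); *len = bytes consumed.
   Malformed or truncated input yields U+FFFD and consumes one byte. */
static uint32_t decode_utf8(const uint8_t *s, size_t n, size_t *len) {
    size_t need; uint32_t cp;
    if (s[0] < 0x80)                { need = 1; cp = s[0]; }
    else if ((s[0] & 0xE0) == 0xC0) { need = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 3; cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 4; cp = s[0] & 0x07; }
    else { *len = 1; return 0xFFFD; }
    if (n < need) { *len = 1; return 0xFFFD; }
    for (size_t k = 1; k < need; k++) {
        if (!CONT(s[k])) { *len = 1; return 0xFFFD; }
        cp = (cp << 6) | (s[k] & 0x3F);
    }
    *len = need; return cp;
}

/* Transcode UTF-8 into out[0..out_cap) as UTF-16; returns units written. A
   supplementary code point needs two units, so remaining capacity is checked
   for both halves first; checking for one free unit would overrun by one. */
size_t utf8_to_utf16(const uint8_t *in, size_t in_len, uint16_t *out, size_t out_cap) {
    size_t i = 0, w = 0;
    while (i < in_len) {
        size_t len; uint32_t cp = decode_utf8(in + i, in_len - i, &len);
        i += len;
        if (cp < 0x10000) {
            if (w >= out_cap) break;
            out[w++] = (uint16_t)cp;
        } else {
            if (out_cap - w < 2) break;   /* no room for both halves: stop here */
            cp -= 0x10000;
            out[w++] = (uint16_t)(0xD800 | (cp >> 10));
            out[w++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        }
    }
    return w;
}

/* Constructed sample: 'A', U+1F600 (F0 9F 98 80 -> surrogate pair), 'B'. decode_sample()
   writes it into cap units (cap <= 7) before a sentinel word; returns units written, -1 if clobbered. */
static const uint8_t SAMPLE[] = {0x41, 0xF0, 0x9F, 0x98, 0x80, 0x42};
int decode_sample(size_t cap) {
    uint16_t buf[8] = {0};
    buf[cap] = 0xBEEF;
    size_t n = utf8_to_utf16(SAMPLE, sizeof SAMPLE, buf, cap);
    return buf[cap] == 0xBEEF ? (int)n : -1;
}
```

With a two-unit buffer the pair is dropped whole (only 'A' is written) and the sentinel survives, which is the behaviour the missing remaining-bytes check in the commit message was meant to guarantee.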
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://code.google.com/p/v8/
Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*