Skip to content
This repository has been archived by the owner on Oct 15, 2020. It is now read-only.

Commit

Permalink
deps: update ChakraCore to chakra-core/ChakraCore@ba1f4455f9
Browse files Browse the repository at this point in the history
[MERGE #6167 @pleath] Fail on unexpected missing item constant in an array head segment during native array conversion

Merge pull request #6167 from pleath:arrayfail

Reviewed-By: chakrabot <chakrabot@users.noreply.github.com>
  • Loading branch information
pleath authored and chakrabot committed Jun 18, 2019
1 parent 08a06c7 commit 4b8c718
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
5 changes: 5 additions & 0 deletions deps/chakrashim/core/lib/Runtime/Library/JavascriptArray.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@

// TODO: Change this generic fatal error to the descriptive one.
#define AssertAndFailFast(x) if (!(x)) { Assert(x); Js::Throw::FatalInternalError(); }
#define AssertMsgAndFailFast(x, m) if (!(x)) { AssertMsg((x), m); Js::Throw::FatalInternalError(); }

using namespace Js;

Expand Down Expand Up @@ -1758,6 +1759,7 @@ using namespace Js;
ival = ((SparseArraySegment<int32>*)seg)->elements[i /*+ seg->length*/];
if (ival == JavascriptNativeIntArray::MissingItem)
{
AssertMsgAndFailFast(newSeg != intArray->head || !intArray->HasNoMissingValues(), "Unexpected missing item during array conversion");
continue;
}
newSeg->elements[i] = (double)ival;
Expand Down Expand Up @@ -2025,6 +2027,7 @@ using namespace Js;
ival = ((SparseArraySegment<int32>*)seg)->elements[i];
if (ival == JavascriptNativeIntArray::MissingItem)
{
AssertMsgAndFailFast(seg != intArray->head || !intArray->HasNoMissingValues(), "Unexpected missing item during array conversion");
continue;
}
newSeg->elements[i] = JavascriptNumber::ToVar(ival, scriptContext);
Expand Down Expand Up @@ -2059,6 +2062,7 @@ using namespace Js;
ival = ((SparseArraySegment<int32>*)seg)->elements[i];
if (ival == JavascriptNativeIntArray::MissingItem)
{
AssertMsgAndFailFast(seg != intArray->head || !intArray->HasNoMissingValues(), "Unexpected missing item during array conversion");
((SparseArraySegment<Var>*)seg)->elements[i] = (Var)JavascriptArray::MissingItem;
}
else
Expand Down Expand Up @@ -2238,6 +2242,7 @@ using namespace Js;
{
if (SparseArraySegment<double>::IsMissingItem(&((SparseArraySegment<double>*)seg)->elements[i]))
{
AssertMsgAndFailFast(seg != fArray->head || !fArray->HasNoMissingValues(), "Unexpected missing item during conversion");
if (seg == newSeg)
{
newSeg->elements[i] = (Var)JavascriptArray::MissingItem;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,12 @@ namespace Js
Assert(sizeof(T) % sizeof(Var) == 0);
uint step = sizeof(T) / sizeof(Var);

for (uint i = start; i < size * step; i++)
// We're filling [length...size-1] based on the element size. If this is going to be a float segment on 32-bit,
// only fill past the point where the float elements will reside. Size * step has to be a 32-bit number.
start *= step;
size *= step;

for (uint i = start; i < size; i++)
{
((Var*)(this->elements))[i] = fill; // swb: no write barrier, set to non-GC pointer
}
Expand Down

0 comments on commit 4b8c718

Please sign in to comment.