A bug caused by the failure of WriteOneByte in v8/src/api.cc
Reported by leanderz...@gmail.com, Jan 21 2017
Issue description
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Steps to reproduce the problem:
1. This is a bug found by our static analysis tool.
2. We found that an error returned by WriteOneByte caused the following failure of the v8/test/unittests:unittests target.
../../v8/test/unittests/value-serializer-unittest.cc:1445: Failure
Value of: EvaluateScriptForResultBool("result.toString() === '/foo/g'")
Actual: false
Expected: true
[ FAILED ] ValueSerializerTest.RoundTripRegExp (2 ms)
What is the expected behavior?
What went wrong?
The function WriteUtf8() in v8/src/api.cc calls WriteOneByte() for one-byte writes in the fast path. The data actually written may be smaller than "capacity". This error can cause the bug, and it happens because the return value of WriteOneByte was not checked in the code. Can you fix it?
Did this work before? Yes, 57.0.2981.0 (64-bit)
Chrome version: <Copy from: 'about:version'> Channel: stable
OS Version: Version 57.0.2981.0 (64-bit)
Flash Version:
Did you modify WriteUtf8 to spuriously return an incorrect result? The capacity is sized to exactly match the UTF-8 output, so WriteUtf8 should not fail. In general, our functions do not randomly fail or early-out when their preconditions are met. Regardless, this code has now been removed for another reason, and no longer uses WriteUtf8.
Comment 1 by jmukthavaram@chromium.org, Jan 23 2017