Make it easier to check if an integer sum would overflow
https://bugs.webkit.org/show_bug.cgi?id=131900
Reviewed by Darin Adler.
Source/JavaScriptCore:
* dfg/DFGOperations.cpp:
* runtime/Operations.h:
(JSC::jsString):
Source/WTF:
* wtf/CheckedArithmetic.h:
(WTF::checkedSum):
(WTF::sumOverflows):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167548 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 7d14e44..ffacf73 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -968,8 +968,8 @@
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
-
- if (static_cast<int32_t>(left->length() + right->length()) < 0) {
+
+ if (sumOverflows<int32_t>(left->length(), right->length())) {
throwOutOfMemoryError(exec);
return nullptr;
}
@@ -982,10 +982,7 @@
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
- Checked<int32_t, RecordOverflow> length = a->length();
- length += b->length();
- length += c->length();
- if (length.hasOverflowed()) {
+ if (sumOverflows<int32_t>(a->length(), b->length(), c->length())) {
throwOutOfMemoryError(exec);
return nullptr;
}
