Skip to content

Commit 1162c46

Browse files
jakobkummerowjakobkummerow
committed
[bigint] Fix possibly-uninitialized leading digit on right shift
(cherry picked from commit e82a3b4) Fixed: chromium:1151890 Change-Id: I26f5c76494a9ff3f5a141f381e1c9a543e368571 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561618 Auto-Submit: Jakob Kummerow <[email protected]> Commit-Queue: Georg Neis <[email protected]> Reviewed-by: Georg Neis <[email protected]> Cr-Original-Commit-Position: refs/heads/master@{#71422} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565245 Reviewed-by: Jakob Kummerow <[email protected]> Cr-Commit-Position: refs/branch-heads/8.7@{#57} Cr-Branched-From: 0d81cd7-refs/heads/8.7.220@{#1} Cr-Branched-From: 942c2ef-refs/heads/master@{#70196}
1 parent 4a35720 commit 1162c46

2 files changed

Lines changed: 13 additions & 0 deletions

File tree

src/objects/bigint.cc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1872,6 +1872,8 @@ Handle<BigInt> MutableBigInt::RightShiftByAbsolute(Isolate* isolate,
18721872
DCHECK_LE(result_length, length);
18731873
Handle<MutableBigInt> result = New(isolate, result_length).ToHandleChecked();
18741874
if (bits_shift == 0) {
1875+
// Zero out any overflow digit (see "rounding_can_overflow" above).
1876+
result->set_digit(result_length - 1, 0);
18751877
for (int i = digit_shift; i < length; i++) {
18761878
result->set_digit(i - digit_shift, x->digit(i));
18771879
}

test/mjsunit/regress/regress-crbug-1151890.js

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
// Copyright 2020 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
// Flags: --allow-natives-syntax
6+
7+
for (let i = 0, j = 0; i < 10; ++i) {
8+
let x = (-0xffffffffffffffff_ffffffffffffffffn >> 0x40n);
9+
assertEquals(-0x10000000000000000n, x);
10+
%SimulateNewspaceFull();
11+
}

0 commit comments

Comments
 (0)