3530fa9cd0
deps: backport 4ed5fde4f from v8 upstream
...
Original commit message:
Fix x64 MathMinMax for negative untagged int32 arguments.
An untagged int32 has zeros in the upper half even if it is negative.
Using cmpq to compare such numbers will incorrectly ignore the sign.
BUG=164442
R=mvstanton@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11665007
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@13273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-18 14:57:18 +04:00
a960d1707a
deps: backport 23f2736a from v8 upstream
...
Original text:
Fix corner case in x64 compare stubs.
BUG=v8:2416
Review URL: https://codereview.chromium.org/11413087
fix #7528
2014-05-02 22:53:27 +04:00
39e2426b20
v8: backport fix for CVE-2013-{6639|6640}
...
Quoting CVE-2013-6639:
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
allows remote attackers to cause a denial of service (out-of-bounds
write) or possibly have unspecified other impact via JavaScript code
that sets the value of an array element with a crafted index.
Quoting CVE-2013-6640:
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
allows remote attackers to cause a denial of service (out-of-bounds
read) via JavaScript code that sets a variable to the value of an
array element with a crafted index.
Like 6b92a7, this is unlikely to affect node.js because it only runs
local, trusted code. However, if there exists some module somewhere
that populates an array index with remotely provided data this could
very well be used to crash a remote server running node. Defense in
depth and all.
This is a backport of upstream commit r17801. Original commit log:
Limit size of dehoistable array indices
LOG=Y
BUG=chromium:319835,chromium:319860
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/74113002
2013-12-14 02:55:29 +04:00
3dcc9b93e1
v8: unbreak `make native` build
...
The security fix from commit 6b92a713
2013-11-09 22:27:22 +01:00
6b92a71321
v8: back-port fix for CVE-2013-2882
...
Quoting the CVE:
Google V8, as used in Google Chrome before 28.0.1500.95, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that leverage "type confusion."
Likely has zero impact on node.js because it only runs local, trusted
code but let's apply it anyway.
This is a back-port of upstream commit r15665. Original commit log:
Use internal array as API function cache.
R=yangguo@chromium.org
BUG=chromium:260106
TEST=cctest/test-api/Regress260106
Review URL: https://codereview.chromium.org/19159003
Fixes #5973 .
2013-08-05 18:17:24 +02:00
41fc46e52f
v8: add setVariableValue debugger command
...
Issue 2399 part 1: In debugger allow modifying local variable values
Issue 2399 part 2: In debugger allow modifying local variable values
Review URL: https://codereview.chromium.org/11415042
Review URL: https://codereview.chromium.org/11412310
This is a back-port of upstream svn commits r13122 and r13202.
2013-06-17 15:24:45 +02:00
81c278d58d
V8: Upgrade to 3.14.5.8
2013-03-06 12:59:58 -08:00
b15a10e7a0
deps: downgrade v8 to 3.14.5
...
V8 3.15 and newer have stability and performance issues. Roll back to
a known-good version.
2013-02-25 23:45:02 +01:00
0c2e5ec840
V8: Upgrade to 3.15.11.15
2013-02-08 17:17:45 -08:00
8024252877
V8: Upgrade to 3.15.11.10
2013-01-24 09:10:01 -08:00
d22bd9e3c4
deps: update v8 to 3.15.11.7
2013-01-12 00:10:45 +04:00
0054264d88
v8: update to 3.15.11.5
2013-01-04 15:44:47 +04:00
7b4d95a976
deps: update v8 to 3.15.11
2013-01-01 16:07:02 +04:00
1e738c5ef2
build: make python executable configurable
...
Upstreamed in https://codereview.chromium.org/11418101/
Fixes #4287 .
2012-11-20 22:47:45 +01:00
95c9305874
V8: Upgrade to 3.13.7.4
2012-10-23 11:48:55 -07:00
3411a03dd1
V8: Upgrade to 3.13.7.1
2012-09-21 01:52:24 +02:00
052e63f27f
v8: fix semaphore on MacOS
...
Landed upstream: https://chromiumcodereview.appspot.com/10867009/
2012-09-06 16:07:40 +02:00
4899116d4b
v8: upgrade to 3.11.10.22
2012-09-06 15:58:09 +02:00
2d9239359d
v8: upgrade to v3.11.10.19
2012-08-21 03:04:16 +02:00
f4f0daa44d
V8: Upgrade to 3.11.10.17
2012-07-24 14:18:47 -07:00
a0a0062d61
v8: upgrade to 3.11.10.15
2012-07-17 11:43:02 -07:00
5b5c8b6005
v8: Upgrade to 3.11.10.14
2012-07-07 23:45:00 +02:00
74872b0dc9
v8: upgrade to version 3.11.10.12
2012-06-26 02:03:24 +02:00
6b26583e84
v8: upgrade to v3.11.10.10
2012-06-21 00:33:44 +02:00
f94b85db83
Revert part of 11727 as it sometimes tanked V8 benchmark (raytrace) performance for reasons that are not obvious. Now we make objects into fast-case objects when they are made prototypes for other objects, but we do not mark objects that are already fast case with a bit that helps keep them in fast case. Review URL: https://chromiumcodereview.appspot.com/10556004
...
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-19 17:56:50 +02:00
c231321cd3
Fix assertion for map code cache of shared maps.
...
R=danno@chromium.org
TEST=mjsunit/compare-known-objects-slow
Review URL: https://chromiumcodereview.appspot.com/10548046
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-15 00:35:37 +02:00
48893af7bb
Fix performance regression caused by r11202.
...
R=erik.corry@gmail.com
BUG=v8:2156,v8:2034
TEST=mjsunit/regress/regress-2156,mjsunit/regress/regress-2034
Review URL: https://chromiumcodereview.appspot.com/10539131
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-14 01:37:14 +02:00
50464cd4f4
v8: upgrade to v3.11.10
2012-06-14 01:37:13 +02:00
940a6863ea
Roll V8 back to 3.9.24.31
2012-06-09 08:09:42 -07:00
46b09e4190
Roll V8 back to 3.10.8.13
2012-06-07 17:54:21 -07:00
cbdf3393a2
Upgrade v8 to 3.11.7
2012-06-01 22:31:04 -07:00
3f3f958c14
Upgrade V8 to 3.11.1
2012-05-16 14:22:33 -07:00
01d146c29f
Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
...
Conflicts:
ChangeLog
Makefile
deps/npm/AUTHORS
deps/npm/html/api/bin.html
deps/npm/html/api/bugs.html
deps/npm/html/api/commands.html
deps/npm/html/api/config.html
deps/npm/html/api/deprecate.html
deps/npm/html/api/docs.html
deps/npm/html/api/edit.html
deps/npm/html/api/explore.html
deps/npm/html/api/help-search.html
deps/npm/html/api/init.html
deps/npm/html/api/install.html
deps/npm/html/api/link.html
deps/npm/html/api/load.html
deps/npm/html/api/ls.html
deps/npm/html/api/npm.html
deps/npm/html/api/outdated.html
deps/npm/html/api/owner.html
deps/npm/html/api/pack.html
deps/npm/html/api/prefix.html
deps/npm/html/api/prune.html
deps/npm/html/api/publish.html
deps/npm/html/api/rebuild.html
deps/npm/html/api/restart.html
deps/npm/html/api/root.html
deps/npm/html/api/run-script.html
deps/npm/html/api/search.html
deps/npm/html/api/shrinkwrap.html
deps/npm/html/api/start.html
deps/npm/html/api/stop.html
deps/npm/html/api/submodule.html
deps/npm/html/api/tag.html
deps/npm/html/api/test.html
deps/npm/html/api/uninstall.html
deps/npm/html/api/unpublish.html
deps/npm/html/api/update.html
deps/npm/html/api/version.html
deps/npm/html/api/view.html
deps/npm/html/api/whoami.html
deps/npm/html/doc/README.html
deps/npm/html/doc/adduser.html
deps/npm/html/doc/bin.html
deps/npm/html/doc/bugs.html
deps/npm/html/doc/build.html
deps/npm/html/doc/bundle.html
deps/npm/html/doc/cache.html
deps/npm/html/doc/changelog.html
deps/npm/html/doc/coding-style.html
deps/npm/html/doc/completion.html
deps/npm/html/doc/config.html
deps/npm/html/doc/deprecate.html
deps/npm/html/doc/developers.html
deps/npm/html/doc/disputes.html
deps/npm/html/doc/docs.html
deps/npm/html/doc/edit.html
deps/npm/html/doc/explore.html
deps/npm/html/doc/faq.html
deps/npm/html/doc/folders.html
deps/npm/html/doc/help-search.html
deps/npm/html/doc/help.html
deps/npm/html/doc/index.html
deps/npm/html/doc/init.html
deps/npm/html/doc/install.html
deps/npm/html/doc/json.html
deps/npm/html/doc/link.html
deps/npm/html/doc/list.html
deps/npm/html/doc/npm.html
deps/npm/html/doc/outdated.html
deps/npm/html/doc/owner.html
deps/npm/html/doc/pack.html
deps/npm/html/doc/prefix.html
deps/npm/html/doc/prune.html
deps/npm/html/doc/publish.html
deps/npm/html/doc/rebuild.html
deps/npm/html/doc/registry.html
deps/npm/html/doc/removing-npm.html
deps/npm/html/doc/restart.html
deps/npm/html/doc/root.html
deps/npm/html/doc/run-script.html
deps/npm/html/doc/scripts.html
deps/npm/html/doc/search.html
deps/npm/html/doc/semver.html
deps/npm/html/doc/shrinkwrap.html
deps/npm/html/doc/star.html
deps/npm/html/doc/start.html
deps/npm/html/doc/stop.html
deps/npm/html/doc/submodule.html
deps/npm/html/doc/tag.html
deps/npm/html/doc/test.html
deps/npm/html/doc/uninstall.html
deps/npm/html/doc/unpublish.html
deps/npm/html/doc/update.html
deps/npm/html/doc/version.html
deps/npm/html/doc/view.html
deps/npm/html/doc/whoami.html
deps/npm/man/man1/npm.1
deps/npm/man/man3/npm.3
deps/npm/package.json
doc/api/url.markdown
lib/http.js
src/node_version.h
test/simple/test-fs-sync-fd-leak.js
2012-05-04 15:12:47 -07:00
6ed5ef5fe0
Upgrade V8 to 3.9.24.9
2012-04-18 09:36:44 -07:00
5d69bbfbdb
Fix bug in x64 RegExp detecting start of string.
...
Also add missing MIPS case in regexp tracer.
Fixes issues v8:1748 and v8:1746
BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js
Review URL: http://codereview.chromium.org/8116001
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 17:40:17 +02:00
69ca83f755
Upgrade V8 to 3.6.6.25
2012-04-16 17:27:16 +02:00
4b64542fe0
Upgrade V8 to 3.9.24.6
2012-03-28 19:51:38 -07:00
e4fc2cbfd3
Upgrade v8 to 3.9.17
2012-03-12 21:46:36 -07:00
2e24ded6d2
Upgrade v8 to 3.9.11
2012-02-27 13:43:31 -08:00
f4641bd4de
Update v8 to 3.9.9
2012-02-27 12:11:09 -08:00
68a0c56a7d
Upgrade V8 to 3.9.5
2012-02-13 10:05:16 -08:00
8be699494e
Upgrade V8 to 3.9.2
2012-02-06 15:21:49 -08:00
05471f5c2a
Update v8 to 3.8.9
2012-01-31 18:35:04 -08:00
40879f33cd
Upgrade V8 to 3.8.8
2012-01-23 17:16:27 -08:00
4afc46d7bc
Upgrade V8 to 3.6.6.19
2012-01-19 18:29:11 -08:00
1695332941
Land number collision fix for v8 3.6 by Erik Corry
...
- If V8 snapshots are enabled then the hash is only randomized at build time.
---
backport @10366, @10367 and @10402 to 3.6
Add seed to hash of numeric keyed properties.
Minor cleanups of numeric seeded hashing patch.
Split NumberDictionary into a randomly seeded and an unseeded version.
We don't want to randomize the stub cache.
Review URL: http://codereview.chromium.org/9190001/
2012-01-17 22:22:52 +06:00
60040a4f36
Upgrade V8 to 3.8.6
2012-01-16 14:37:57 -08:00
8e5674fb5c
Upgrade V8 to 3.8.5
2012-01-06 13:03:06 -08:00
4a899c9274
Land hash collision fix for V8 3.6 by Erik Corry.
...
- If V8 snapshots are enabled then the hash is only randomized at build time.
- Breaks MIPS
---
Backport hash collision workaround to 3.6.
This is made up of 9956, 10351, 10338 and 10330.
This change bakes the string hash key into the snapshot, so
it is determined at build time for shapshot configs.
Review URL: http://codereview.chromium.org/9124004
2012-01-06 17:02:01 +01:00
557fc396b4
Upgrade V8 to 3.8.4
2012-01-03 11:46:53 -08:00
Fedor Indutny
jkummerow@chromium.org
Ben Noordhuis
mstarzinger@chromium.org
isaacs
Fedor Indutny
Bert Belder
erik.corry@gmail.com
lrn@chromium.org
Ryan Dahl