177 Commits (4f1ae11a62b97052bc83756f8cb8700cc1f61661)

Author SHA1 Message Date
Fedor Indutny 3530fa9cd0 deps: backport 4ed5fde4f from v8 upstream
Original commit message:

    Fix x64 MathMinMax for negative untagged int32 arguments.

    An untagged int32 has zeros in the upper half even if it is negative.
    Using cmpq to compare such numbers will incorrectly ignore the sign.

    BUG=164442
    R=mvstanton@chromium.org

    Review URL: https://chromiumcodereview.appspot.com/11665007

    git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@13273 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-18 14:57:18 +04:00
Fedor Indutny a960d1707a deps: backport 23f2736a from v8 upstream
Original text:

    Fix corner case in x64 compare stubs.

    BUG=v8:2416

    Review URL: https://codereview.chromium.org/11413087

fix #7528
2014-05-02 22:53:27 +04:00
jkummerow@chromium.org 39e2426b20 v8: backport fix for CVE-2013-{6639|6640}
Quoting CVE-2013-6639:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    write) or possibly have unspecified other impact via JavaScript code
    that sets the value of an array element with a crafted index.

Quoting CVE-2013-6640:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    read) via JavaScript code that sets a variable to the value of an
    array element with a crafted index.

Like 6b92a7, this is unlikely to affect node.js because it only runs
local, trusted code.  However, if there exists some module somewhere
that populates an array index with remotely provided data this could
very well be used to crash a remote server running node.  Defense in
depth and all.

This is a backport of upstream commit r17801. Original commit log:

    Limit size of dehoistable array indices

    LOG=Y
    BUG=chromium:319835,chromium:319860
    R=dslomov@chromium.org

    Review URL: https://codereview.chromium.org/74113002
2013-12-14 02:55:29 +04:00
Ben Noordhuis 41fc46e52f v8: add setVariableValue debugger command
Issue 2399 part 1: In debugger allow modifying local variable values
Issue 2399 part 2: In debugger allow modifying local variable values

Review URL: https://codereview.chromium.org/11415042
Review URL: https://codereview.chromium.org/11412310

This is a back-port of upstream svn commits r13122 and r13202.
2013-06-17 15:24:45 +02:00
isaacs 81c278d58d V8: Upgrade to 3.14.5.8 2013-03-06 12:59:58 -08:00
Ben Noordhuis b15a10e7a0 deps: downgrade v8 to 3.14.5
V8 3.15 and newer have stability and performance issues. Roll back to
a known-good version.
2013-02-25 23:45:02 +01:00
isaacs 0c2e5ec840 V8: Upgrade to 3.15.11.15 2013-02-08 17:17:45 -08:00
isaacs 8024252877 V8: Upgrade to 3.15.11.10 2013-01-24 09:10:01 -08:00
Fedor Indutny d22bd9e3c4 deps: update v8 to 3.15.11.7 2013-01-12 00:10:45 +04:00
Fedor Indutny 0054264d88 v8: update to 3.15.11.5 2013-01-04 15:44:47 +04:00
Fedor Indutny 7b4d95a976 deps: update v8 to 3.15.11 2013-01-01 16:07:02 +04:00
isaacs 95c9305874 V8: Upgrade to 3.13.7.4 2012-10-23 11:48:55 -07:00
isaacs 3411a03dd1 V8: Upgrade to 3.13.7.1 2012-09-21 01:52:24 +02:00
Bert Belder 4899116d4b v8: upgrade to 3.11.10.22 2012-09-06 15:58:09 +02:00
Bert Belder 2d9239359d v8: upgrade to v3.11.10.19 2012-08-21 03:04:16 +02:00
isaacs f4f0daa44d V8: Upgrade to 3.11.10.17 2012-07-24 14:18:47 -07:00
Bert Belder 74872b0dc9 v8: upgrade to version 3.11.10.12 2012-06-26 02:03:24 +02:00
Bert Belder 6b26583e84 v8: upgrade to v3.11.10.10 2012-06-21 00:33:44 +02:00
erik.corry@gmail.com f94b85db83 Revert part of 11727 as it sometimes tanked V8 benchmark (raytrace) performance for reasons that are not obvious.
Now we make objects into fast-case objects when they are made prototypes for other objects, but we do not mark objects that are already fast case with a bit that helps keep them in fast case.

Review URL: https://chromiumcodereview.appspot.com/10556004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-19 17:56:50 +02:00
mstarzinger@chromium.org c231321cd3 Fix assertion for map code cache of shared maps.
R=danno@chromium.org
TEST=mjsunit/compare-known-objects-slow

Review URL: https://chromiumcodereview.appspot.com/10548046

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-15 00:35:37 +02:00
mstarzinger@chromium.org 48893af7bb Fix performance regression caused by r11202.
R=erik.corry@gmail.com
BUG=v8:2156,v8:2034
TEST=mjsunit/regress/regress-2156,mjsunit/regress/regress-2034

Review URL: https://chromiumcodereview.appspot.com/10539131

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-14 01:37:14 +02:00
Bert Belder 50464cd4f4 v8: upgrade to v3.11.10 2012-06-14 01:37:13 +02:00
isaacs 940a6863ea Roll V8 back to 3.9.24.31 2012-06-09 08:09:42 -07:00
isaacs 46b09e4190 Roll V8 back to 3.10.8.13 2012-06-07 17:54:21 -07:00
isaacs cbdf3393a2 Upgrade v8 to 3.11.7 2012-06-01 22:31:04 -07:00
isaacs 3f3f958c14 Upgrade V8 to 3.11.1 2012-05-16 14:22:33 -07:00
isaacs 01d146c29f Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	Makefile
	deps/npm/AUTHORS
	deps/npm/html/api/bin.html
	deps/npm/html/api/bugs.html
	deps/npm/html/api/commands.html
	deps/npm/html/api/config.html
	deps/npm/html/api/deprecate.html
	deps/npm/html/api/docs.html
	deps/npm/html/api/edit.html
	deps/npm/html/api/explore.html
	deps/npm/html/api/help-search.html
	deps/npm/html/api/init.html
	deps/npm/html/api/install.html
	deps/npm/html/api/link.html
	deps/npm/html/api/load.html
	deps/npm/html/api/ls.html
	deps/npm/html/api/npm.html
	deps/npm/html/api/outdated.html
	deps/npm/html/api/owner.html
	deps/npm/html/api/pack.html
	deps/npm/html/api/prefix.html
	deps/npm/html/api/prune.html
	deps/npm/html/api/publish.html
	deps/npm/html/api/rebuild.html
	deps/npm/html/api/restart.html
	deps/npm/html/api/root.html
	deps/npm/html/api/run-script.html
	deps/npm/html/api/search.html
	deps/npm/html/api/shrinkwrap.html
	deps/npm/html/api/start.html
	deps/npm/html/api/stop.html
	deps/npm/html/api/submodule.html
	deps/npm/html/api/tag.html
	deps/npm/html/api/test.html
	deps/npm/html/api/uninstall.html
	deps/npm/html/api/unpublish.html
	deps/npm/html/api/update.html
	deps/npm/html/api/version.html
	deps/npm/html/api/view.html
	deps/npm/html/api/whoami.html
	deps/npm/html/doc/README.html
	deps/npm/html/doc/adduser.html
	deps/npm/html/doc/bin.html
	deps/npm/html/doc/bugs.html
	deps/npm/html/doc/build.html
	deps/npm/html/doc/bundle.html
	deps/npm/html/doc/cache.html
	deps/npm/html/doc/changelog.html
	deps/npm/html/doc/coding-style.html
	deps/npm/html/doc/completion.html
	deps/npm/html/doc/config.html
	deps/npm/html/doc/deprecate.html
	deps/npm/html/doc/developers.html
	deps/npm/html/doc/disputes.html
	deps/npm/html/doc/docs.html
	deps/npm/html/doc/edit.html
	deps/npm/html/doc/explore.html
	deps/npm/html/doc/faq.html
	deps/npm/html/doc/folders.html
	deps/npm/html/doc/help-search.html
	deps/npm/html/doc/help.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/init.html
	deps/npm/html/doc/install.html
	deps/npm/html/doc/json.html
	deps/npm/html/doc/link.html
	deps/npm/html/doc/list.html
	deps/npm/html/doc/npm.html
	deps/npm/html/doc/outdated.html
	deps/npm/html/doc/owner.html
	deps/npm/html/doc/pack.html
	deps/npm/html/doc/prefix.html
	deps/npm/html/doc/prune.html
	deps/npm/html/doc/publish.html
	deps/npm/html/doc/rebuild.html
	deps/npm/html/doc/registry.html
	deps/npm/html/doc/removing-npm.html
	deps/npm/html/doc/restart.html
	deps/npm/html/doc/root.html
	deps/npm/html/doc/run-script.html
	deps/npm/html/doc/scripts.html
	deps/npm/html/doc/search.html
	deps/npm/html/doc/semver.html
	deps/npm/html/doc/shrinkwrap.html
	deps/npm/html/doc/star.html
	deps/npm/html/doc/start.html
	deps/npm/html/doc/stop.html
	deps/npm/html/doc/submodule.html
	deps/npm/html/doc/tag.html
	deps/npm/html/doc/test.html
	deps/npm/html/doc/uninstall.html
	deps/npm/html/doc/unpublish.html
	deps/npm/html/doc/update.html
	deps/npm/html/doc/version.html
	deps/npm/html/doc/view.html
	deps/npm/html/doc/whoami.html
	deps/npm/man/man1/npm.1
	deps/npm/man/man3/npm.3
	deps/npm/package.json
	doc/api/url.markdown
	lib/http.js
	src/node_version.h
	test/simple/test-fs-sync-fd-leak.js
2012-05-04 15:12:47 -07:00
isaacs 6ed5ef5fe0 Upgrade V8 to 3.9.24.9 2012-04-18 09:36:44 -07:00
lrn@chromium.org 5d69bbfbdb Fix bug in x64 RegExp detecting start of string.
Also add missing MIPS case in regexp tracer.

Fixes issues v8:1748 and v8:1746

BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js

Review URL: http://codereview.chromium.org/8116001

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 17:40:17 +02:00
Bert Belder 69ca83f755 Upgrade V8 to 3.6.6.25 2012-04-16 17:27:16 +02:00
isaacs 4b64542fe0 Upgrade V8 to 3.9.24.6 2012-03-28 19:51:38 -07:00
isaacs e4fc2cbfd3 Upgrade v8 to 3.9.17 2012-03-12 21:46:36 -07:00
isaacs 2e24ded6d2 Upgrade v8 to 3.9.11 2012-02-27 13:43:31 -08:00
isaacs f4641bd4de Update v8 to 3.9.9 2012-02-27 12:11:09 -08:00
isaacs 68a0c56a7d Upgrade V8 to 3.9.5 2012-02-13 10:05:16 -08:00
isaacs 8be699494e Upgrade V8 to 3.9.2 2012-02-06 15:21:49 -08:00
isaacs 05471f5c2a Update v8 to 3.8.9 2012-01-31 18:35:04 -08:00
isaacs 40879f33cd Upgrade V8 to 3.8.8 2012-01-23 17:16:27 -08:00
isaacs 4afc46d7bc Upgrade V8 to 3.6.6.19 2012-01-19 18:29:11 -08:00
Ryan Dahl 60040a4f36 Upgrade V8 to 3.8.6 2012-01-16 14:37:57 -08:00
Ryan Dahl 8e5674fb5c Upgrade V8 to 3.8.5 2012-01-06 13:03:06 -08:00
Bert Belder 4a899c9274 Land hash collision fix for V8 3.6 by Erik Corry.
- If V8 snapshots are enabled then the hash is only randomized at build time.
- Breaks MIPS

---
Backport hash collision workaround to 3.6.
This is made up of 9956, 10351, 10338 and 10330.
This change bakes the string hash key into the snapshot, so
it is determined at build time for snapshot configs.
Review URL: http://codereview.chromium.org/9124004
2012-01-06 17:02:01 +01:00
Ryan Dahl 557fc396b4 Upgrade V8 to 3.8.4 2012-01-03 11:46:53 -08:00
Ryan Dahl b7c05e1b75 Upgrade V8 to 3.8.3 2011-12-28 14:13:50 -08:00
Ryan Dahl 4eaf4ce26a Upgrade V8 to 3.8.2 2011-12-21 10:54:24 -08:00
Ryan Dahl 21e7292ea0 Upgrade V8 to 3.8.1 2011-12-19 13:06:37 -08:00
Ryan Dahl de3c16afae Upgrade V8 to 3.6.6.14 2011-12-14 16:33:11 -08:00
Ryan Dahl b3a7de15b7 Upgrade V8 to 3.8.0 2011-12-14 15:02:32 -08:00
Ryan Dahl 2003593143 Merge remote branch 'origin/v0.6'
Conflicts:
	deps/v8/src/debug.cc
	deps/v8/src/version.cc
	src/node_version.h
2011-12-06 11:50:54 -08:00
Ryan Dahl 21d081fd7f Upgrade V8 to 3.7.12 2011-12-05 16:29:01 -08:00