
Commit 6d93dbc

quiet a spurious assertion
I recently added an assertion to make sure that the owning reference for SubStrings points to something reasonable. I missed a case, which happens in the following minimum repro:

```javascript
("" + [undefined, undefined]).trim()
```

Array.prototype.toString generates a CompoundString with only one character. GetSz on the CompoundString has a special case for single-character strings, where it points to the same buffer as the copy of that string in the script context's cache. Then `trim` tries to make a substring, but asserts that we've done something wrong. The assertion is wrong (this operation is safe) because the buffer is held alive by the collection of single-character strings. (`trim` could easily avoid allocating a new SubString in this case, but that's beyond the scope of this change.)

Fixes OS:17642622
1 parent e381509 commit 6d93dbc
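The repro from the commit message, expanded into a small regression check. This is an added example, not code from the ChakraCore repository or the commit; it runs on any JavaScript engine and only asserts on the script-visible result. The commit message says the first case (`trim` on the one-character result of `Array.prototype.toString`) tripped the debug-build assertion; the other cases are constructed variants that also produce a single-character string and are included as assumptions about nearby inputs, not as paths the commit message identifies.

```javascript
// Added example (not part of the ChakraCore commit). The commit message's
// repro plus constructed variants, as a regression check that runs anywhere.
function singleCharCompoundStringCases() {
  // Array.prototype.toString joins elements with ","; undefined and null
  // contribute the empty string, so a two-element array yields the
  // one-character string "," (the CompoundString case from the commit message).
  const base = "" + [undefined, undefined];
  return {
    base,
    trim: base.trim(),              // the original repro
    // Constructed variants (assumption: same one-character result; whether
    // they take the same engine-internal path is not established here).
    trimStart: base.trimStart(),
    trimEnd: base.trimEnd(),
    substring: base.substring(0),
    slice: base.slice(0, 1),
    viaNull: ("" + [null, null]).trim(),
    viaJoin: [undefined, undefined].join().trim(),
  };
}

// True when every case yields exactly ",", the expected script-visible result.
function checkSingleCharCases() {
  const results = singleCharCompoundStringCases();
  return Object.values(results).every((s) => s === ",");
}
```

Run it under a debug build of the engine with and without this change: the script-visible result is the same either way, so the check only confirms that the assertion fix did not alter behaviour.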

1 file changed

+3
-2
lines changed

lib/Runtime/Library/SubString.cpp

Lines changed: 3 additions & 2 deletions
@@ -40,8 +40,9 @@ namespace Js
4040
#if SYSINFO_IMAGE_BASE_AVAILABLE
4141
AssertMsg(AutoSystemInfo::IsJscriptModulePointer((void*)originalFullStringReference)
4242
|| recycler->IsValidObject((void*)originalFullStringReference)
43-
|| (VirtualTableInfo<PropertyRecord>::HasVirtualTable((void*)originalFullStringReference) && ((PropertyRecord*)originalFullStringReference)->IsBound()),
44-
"Owning pointer for SubString must be static or GC pointer, or property record bound by thread allocator");
43+
|| (VirtualTableInfo<PropertyRecord>::HasVirtualTable((void*)originalFullStringReference) && ((PropertyRecord*)originalFullStringReference)->IsBound())
44+
|| (string->GetLength() == 1 && originalFullStringReference == scriptContext->GetLibrary()->GetCharStringCache().GetStringForChar(string->GetString()[0])->UnsafeGetBuffer()),
45+
"Owning pointer for SubString must be static or GC pointer, property record bound by thread allocator, or character buffer in global string cache");
4546
#endif
4647

4748
return RecyclerNew(recycler, SubString, originalFullStringReference, subString, length, scriptContext);
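Review bot: the new disjunct evaluates `scriptContext->GetLibrary()->GetCharStringCache().GetStringForChar(string->GetString()[0])` inside AssertMsg, so it only runs in builds where the assertion is compiled in; if GetStringForChar can populate the cache on a miss, or GetString can flatten the string, the assertion now has side effects that differ between debug and release builds. Consider hoisting the lookup into a named helper (for example a `bool` local computed before the assert) so the intent is visible and the side-effect question is answered in one place. A short code comment next to the new condition stating why a cache-owned buffer is a valid owner (per the commit message, the collection of single-character strings keeps it alive) would also help, since the assertion text alone does not say who holds the buffer.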
