From ca319862fd5442d87416d04b99655c1457540969 Mon Sep 17 00:00:00 2001 From: Ali Ijaz Sheikh Date: Mon, 20 Mar 2017 10:04:48 -0700 Subject: [PATCH] deps: cherry-pick ca0f9573 from V8 upstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original commit message: Trigger OOM crash if no memory returned in v8::ArrayBuffer::New and v… …8::SharedArrayBuffer::New. This API does not allow reporting failure, but we should crash rather than have the caller get an ArrayBuffer that isn't properly set up. BUG=chromium:681843 Review-Url: https://codereview.chromium.org/2641953002 Cr-Commit-Position: refs/heads/master@{#42511} --- deps/v8/include/v8-version.h | 2 +- deps/v8/src/api.cc | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index f2c738770a43b4..2751bb168981ad 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 5 #define V8_MINOR_VERSION 5 #define V8_BUILD_NUMBER 372 -#define V8_PATCH_LEVEL 41 +#define V8_PATCH_LEVEL 42 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc index c2c57b4e587fc5..b8354095c69497 100644 --- a/deps/v8/src/api.cc +++ b/deps/v8/src/api.cc @@ -7277,7 +7277,11 @@ Local v8::ArrayBuffer::New(Isolate* isolate, size_t byte_length) { ENTER_V8(i_isolate); i::Handle obj = i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kNotShared); - i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length); + // TODO(jbroman): It may be useful in the future to provide a MaybeLocal + // version that throws an exception or otherwise does not crash. + if (!i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length)) { + i::FatalProcessOutOfMemory("v8::ArrayBuffer::New"); + } return Utils::ToLocal(obj); } @@ -7467,8 +7471,12 @@ Local v8::SharedArrayBuffer::New(Isolate* isolate, ENTER_V8(i_isolate); i::Handle obj = i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kShared); - i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length, true, - i::SharedFlag::kShared); + // TODO(jborman): It may be useful in the future to provide a MaybeLocal + // version that throws an exception or otherwise does not crash. + if (!i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length, true, + i::SharedFlag::kShared)) { + i::FatalProcessOutOfMemory("v8::SharedArrayBuffer::New"); + } return Utils::ToLocalShared(obj); }