• [dataview] Fix too tight TNode type in DataView getters · 3656b465
    Théotime Grohens authored
    This CL fixes a bug found by Clusterfuzz, in which the functions
    LoadDataViewByteOffset and -ByteLength incorrectly had a return
    type of TNode<Smi> instead of TNode<Number>.
    
    This caused a CAST() call to fail when the requested byte offset
    or byte length did not fit inside a Smi, i.e. when the underlying
    ArrayBuffer of the DataView had a length longer than 2^30 on
    32-bit platforms.
    
    The CL also includes a new test in mjsunit to test against this.
    
    Bug: chromium:869313
    Change-Id: Ibb7d29bda5782a12c4b506c070bb03fef8c3ec70
    Reviewed-on: https://chromium-review.googlesource.com/1158582
    Commit-Queue: Théotime Grohens <theotime@google.com>
    Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#54900}
base.tq 29.9 KB