• jbroman's avatar
    ValueDeserializer: Only allow valid keys when deserializing object properties. · 8990399d
    jbroman authored
    The serializer won't ever write a more complex object. Not validating this
    allows other things to be used as keys, and converted to string when the
    property set actually occurs. It turns out this gives an opportunity to trigger
    OOM by giving an object a key which is a very large sparse array (whose string
    representation is very large).
    
    This case is now rejected by the deserializer.
    
    BUG=chromium:686511
    
    Review-Url: https://codereview.chromium.org/2697023002
    Cr-Commit-Position: refs/heads/master@{#43249}
    8990399d
value-serializer.cc 68.1 KB