    [value-serializer] Verify deserialized JSRegExp flags · 540419b6
    jgruber authored
    One of the serializer fuzzers passes in random data to the deserializer,
    which can then be used to deserialize a JSRegExp instance with random flag
    contents. This can cause issues since the JSRegExp::Flag enum statically
    contains kDotAll - but it is only valid to set kDotAll iff
    FLAG_harmony_regexp_dotall is set.
    
    This CL verifies deserialized flags before constructing the JSRegExp
    and bails out if they are invalid.
    
    R=jbroman@chromium.org,yangguo@chromium.org
    BUG=chromium:719280
    
    Review-Url: https://codereview.chromium.org/2870743004
    Cr-Commit-Position: refs/heads/master@{#45222}
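The check the CL describes, as an added illustration that is not V8's own code: raw flag bits read from untrusted serialized data are compared against the set of flags that is valid at runtime, and deserialization bails out on anything else. The enum values, the `g_harmony_regexp_dotall` switch and the `ReadRegExp` function are constructed for this example; only their names echo the commit message.

```cpp
#include <cstdint>

// Hypothetical stand-in for JSRegExp::Flag; bit values are constructed here.
enum RegExpFlag : uint32_t {
  kNone = 0,
  kGlobal = 1u << 0,
  kIgnoreCase = 1u << 1,
  kMultiline = 1u << 2,
  kSticky = 1u << 3,
  kUnicode = 1u << 4,
  kDotAll = 1u << 5,  // statically present, but only valid behind a feature switch
};

// Hypothetical runtime feature switch standing in for FLAG_harmony_regexp_dotall.
bool g_harmony_regexp_dotall = false;

// Flags that are always acceptable from serialized input.
constexpr uint32_t kBaseFlagMask =
    kGlobal | kIgnoreCase | kMultiline | kSticky | kUnicode;

// The set of flags a deserializer may accept at this moment: the static
// base set plus any feature-gated bit whose feature is currently enabled.
uint32_t AllowedFlagMask() {
  uint32_t mask = kBaseFlagMask;
  if (g_harmony_regexp_dotall) mask |= kDotAll;
  return mask;
}

// Reject any bit outside the allowed set. Unknown bits and disabled-feature
// bits are treated the same way: the input is invalid.
bool ValidateDeserializedFlags(uint32_t raw_flags) {
  return (raw_flags & ~AllowedFlagMask()) == 0;
}

struct DeserializedRegExp {
  uint32_t flags;
};

// Sketch of the deserialization path: validate before constructing anything.
// Returns false (bails out) when the flags word is not acceptable.
bool ReadRegExp(uint32_t raw_flags, DeserializedRegExp* out) {
  if (!ValidateDeserializedFlags(raw_flags)) return false;
  out->flags = raw_flags;
  return true;
}
```

The important property is that the allowed set is computed from the runtime configuration, not from the enum's static contents; a flag the enum happens to define is still rejected while its feature is off.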
value-serializer.cc 71.9 KB