[Intl] Check for stack overflow before JSNumberFormat::New()

... which alone requires up to 12 KB of stack space. Bug: chromium:1327833 Change-Id: I6a565fdc590f89804b1207eeddd23400dd6f9553 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702807 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81170}

[Intl] Check for stack overflow before JSNumberFormat::New()
... which alone requires up to 12 KB of stack space. Bug: chromium:1327833 Change-Id: I6a565fdc590f89804b1207eeddd23400dd6f9553 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702807 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81170}
04b2f446 · Igor Sheludko · V8 LUCI CQ · be41754f · 04b2f446
Commit 04b2f446 authored Jun 14, 2022 by Igor Sheludko Committed by V8 LUCI CQ Jun 15, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

intl-objects.cc src/objects/intl-objects.cc +7 -0

No files found.
--- a/src/objects/intl-objects.cc
+++ b/src/objects/intl-objects.cc
@@ -1488,6 +1488,13 @@ MaybeHandle<String> Intl::NumberToLocaleString(Isolate* isolate,
      isolate);
  Handle<JSNumberFormat> number_format;
  // 2. Let numberFormat be ? Construct(%NumberFormat%, « locales, options »).
+  StackLimitCheck stack_check(isolate);
+  // New<JSNumberFormat>() requires a lot of stack space.
+  const int kStackSpaceRequiredForNewJSNumberFormat = 16 * KB;
+  if (stack_check.JsHasOverflowed(kStackSpaceRequiredForNewJSNumberFormat)) {
+    isolate->StackOverflow();
+    return MaybeHandle<String>();
+  }
  ASSIGN_RETURN_ON_EXCEPTION(
      isolate, number_format,
      New<JSNumberFormat>(isolate, constructor, locales, options, method_name),