Commit 0c906df2 authored by Jakob Gruber's avatar Jakob Gruber Committed by Commit Bot

[inspector] Don't alloc invalid TypedArrays as previews

ArrayBuffer objects have a larger maximal size than TypedArray objects.
The inspector TypedArray objects to preview ArrayBuffer objects; ensure
we don't exceed the maximal size here.

Bug: chromium:964663,v8:9308
Change-Id: Ia787ff87c799a3f2ca073e36cb54e57e86dacae9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634921
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61917}
parent 731a370b
...@@ -1145,19 +1145,28 @@ void addTypedArrayViews(v8::Local<v8::Context> context, ...@@ -1145,19 +1145,28 @@ void addTypedArrayViews(v8::Local<v8::Context> context,
v8::Local<ArrayBuffer> buffer, v8::Local<ArrayBuffer> buffer,
ValueMirror::PropertyAccumulator* accumulator) { ValueMirror::PropertyAccumulator* accumulator) {
// TODO(alph): these should be internal properties. // TODO(alph): these should be internal properties.
size_t length = buffer->ByteLength(); // TODO(v8:9308): Reconsider how large arrays are previewed.
const size_t byte_length = buffer->ByteLength();
size_t length = byte_length;
if (length > v8::TypedArray::kMaxLength) return;
addTypedArrayView<v8::Int8Array>(context, buffer, length, "[[Int8Array]]", addTypedArrayView<v8::Int8Array>(context, buffer, length, "[[Int8Array]]",
accumulator); accumulator);
addTypedArrayView<v8::Uint8Array>(context, buffer, length, "[[Uint8Array]]", addTypedArrayView<v8::Uint8Array>(context, buffer, length, "[[Uint8Array]]",
accumulator); accumulator);
if (buffer->ByteLength() % 2 == 0) {
addTypedArrayView<v8::Int16Array>(context, buffer, length / 2, length = byte_length / 2;
"[[Int16Array]]", accumulator); if (length > v8::TypedArray::kMaxLength || (byte_length % 2) != 0) return;
}
if (buffer->ByteLength() % 4 == 0) { addTypedArrayView<v8::Int16Array>(context, buffer, length, "[[Int16Array]]",
addTypedArrayView<v8::Int32Array>(context, buffer, length / 4, accumulator);
"[[Int32Array]]", accumulator);
} length = byte_length / 4;
if (length > v8::TypedArray::kMaxLength || (byte_length % 4) != 0) return;
addTypedArrayView<v8::Int32Array>(context, buffer, length, "[[Int32Array]]",
accumulator);
} }
} // anonymous namespace } // anonymous namespace
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment