Commit 2028d1d8 authored by Yang Guo's avatar Yang Guo Committed by Commit Bot

Add test case for ValueDeserializer

Bug: chromium:905940
Change-Id: Ifc5e04ea871539af3a690d75b4eddf54168836df
Reviewed-on: https://chromium-review.googlesource.com/c/1340283Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57593}
parent 33da7197
......@@ -1473,10 +1473,8 @@ MaybeHandle<JSArray> ValueDeserializer::ReadDenseJSArray() {
// hole. Past version 11, undefined means undefined.
if (version_ < 11 && element->IsUndefined(isolate_)) continue;
// Make sure elements is still large enough.
if (i >= static_cast<uint32_t>(elements->length())) {
return MaybeHandle<JSArray>();
}
// Safety check.
CHECK_LT(i, static_cast<uint32_t>(elements->length()));
elements->set(i, *element);
}
......
......@@ -1870,6 +1870,22 @@ TEST_F(ValueSerializerTest, DecodeDataView) {
ExpectScriptTrue("Object.getPrototypeOf(result) === DataView.prototype");
}
TEST_F(ValueSerializerTest, DecodeArrayWithLengthProperty1) {
Local<Value> value = DecodeTest(
{0xff, 0x0d, 0x41, 0x03, 0x49, 0x02, 0x49, 0x04, 0x49, 0x06, 0x22, 0x06,
0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x49, 0x02, 0x24, 0x01, 0x03});
ASSERT_TRUE(value->IsArray());
EXPECT_EQ(1u, Local<Array>::Cast(value)->Length());
}
TEST_F(ValueSerializerTest, DecodeArrayWithLengthProperty2) {
ASSERT_DEATH_IF_SUPPORTED(
DecodeTest({0xff, 0x0d, 0x41, 0x03, 0x49, 0x02, 0x49, 0x04,
0x49, 0x06, 0x22, 0x06, 0x6c, 0x65, 0x6e, 0x67,
0x74, 0x68, 0x6f, 0x7b, 0x00, 0x24, 0x01, 0x03}),
".*AllowJavascriptExecution::IsAllowed.*");
}
TEST_F(ValueSerializerTest, DecodeInvalidDataView) {
// Byte offset out of range.
InvalidDecodeTest(
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment