[fastcall] Remove possible sanitizer error in fastcall test function

Fix a sanitizer undefined behavior error found by the fuzzer in function AddAll32BitIntFastCallback_6Args, due to a possible integer underflow or overflow. Bug: chromium:1223873 Change-Id: Ibef53ce2b4421bed5154a694fb607d36f2bba28a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2993551Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#75435}

[fastcall] Remove possible sanitizer error in fastcall test function
Fix a sanitizer undefined behavior error found by the fuzzer in function AddAll32BitIntFastCallback_6Args, due to a possible integer underflow or overflow. Bug: chromium:1223873 Change-Id: Ibef53ce2b4421bed5154a694fb607d36f2bba28a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2993551Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#75435}
293ada71 · Paolo Severini · V8 LUCI CQ · 5466da4d · 293ada71
Commit 293ada71 authored Jun 29, 2021 by Paolo Severini Committed by V8 LUCI CQ Jun 29, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

d8-test.cc src/d8/d8-test.cc +5 -1

No files found.
--- a/src/d8/d8-test.cc
+++ b/src/d8/d8-test.cc
@@ -224,7 +224,11 @@ class FastCApiObject {
      return 0;
    }

-    return arg1_i32 + arg2_i32 + arg3_i32 + arg4_u32 + arg5_u32 + arg6_u32;
+    int64_t result = static_cast<int64_t>(arg1_i32) + arg2_i32 + arg3_i32 +
+                     arg4_u32 + arg5_u32 + arg6_u32;
+    if (result > INT_MAX) return INT_MAX;
+    if (result < INT_MIN) return INT_MIN;
+    return static_cast<int>(result);
  }
  static int AddAll32BitIntFastCallback_5Args(
      Local<Object> receiver, bool should_fallback, int32_t arg1_i32,