Commit 293ada71 authored by Paolo Severini's avatar Paolo Severini Committed by V8 LUCI CQ

[fastcall] Remove possible sanitizer error in fastcall test function

Fix a sanitizer undefined behavior error found by the fuzzer in
function AddAll32BitIntFastCallback_6Args, due to a possible integer
underflow or overflow.

Bug: chromium:1223873
Change-Id: Ibef53ce2b4421bed5154a694fb607d36f2bba28a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2993551Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75435}
parent 5466da4d
...@@ -224,7 +224,11 @@ class FastCApiObject { ...@@ -224,7 +224,11 @@ class FastCApiObject {
return 0; return 0;
} }
return arg1_i32 + arg2_i32 + arg3_i32 + arg4_u32 + arg5_u32 + arg6_u32; int64_t result = static_cast<int64_t>(arg1_i32) + arg2_i32 + arg3_i32 +
arg4_u32 + arg5_u32 + arg6_u32;
if (result > INT_MAX) return INT_MAX;
if (result < INT_MIN) return INT_MIN;
return static_cast<int>(result);
} }
static int AddAll32BitIntFastCallback_5Args( static int AddAll32BitIntFastCallback_5Args(
Local<Object> receiver, bool should_fallback, int32_t arg1_i32, Local<Object> receiver, bool should_fallback, int32_t arg1_i32,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment