[regexp] In fuzzer, clear exception after failed string creation

Tentative fix for the CF crashes in https://crbug.com/754422. Bug: chromium:754422 Change-Id: I0dcb6b8860cb0bf20b3566ffba08e6772398ee65 Reviewed-on: https://chromium-review.googlesource.com/632176Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47591}

[regexp] In fuzzer, clear exception after failed string creation
Tentative fix for the CF crashes in https://crbug.com/754422. Bug: chromium:754422 Change-Id: I0dcb6b8860cb0bf20b3566ffba08e6772398ee65 Reviewed-on: https://chromium-review.googlesource.com/632176Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47591}
2d8a3c82 · jgruber · Commit Bot · ce1639d8 · 2d8a3c82
Commit 2d8a3c82 authored Aug 24, 2017 by jgruber Committed by Commit Bot Aug 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

regexp.cc test/fuzzer/regexp.cc +4 -1

No files found.
--- a/test/fuzzer/regexp.cc
+++ b/test/fuzzer/regexp.cc
@@ -40,7 +40,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  i::MaybeHandle<i::String> maybe_source = factory->NewStringFromOneByte(
      i::Vector<const uint8_t>(data, static_cast<int>(size)));
  i::Handle<i::String> source;
-  if (!maybe_source.ToHandle(&source)) return 0;
+  if (!maybe_source.ToHandle(&source)) {
+    i_isolate->clear_pending_exception();
+    return 0;
+  }

  static const int kAllFlags = i::JSRegExp::kGlobal | i::JSRegExp::kIgnoreCase |
                               i::JSRegExp::kMultiline | i::JSRegExp::kSticky |