[runtime] Make %ArrayBufferNeuter fuzzable.

This makes sure Runtime_ArrayBufferNeuter fails gracefully on array buffers that are non-neuterable. Note that this runtime function is whitelisted on ClusterFuzz and otherwise only used for testing. R=cbruni@chromium.org BUG=chromium:743215,v8:6534 Change-Id: I5069e615468f8789bf4fd87bb1e093a18bfd0347 Reviewed-on: https://chromium-review.googlesource.com/574168Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46710}

[runtime] Make %ArrayBufferNeuter fuzzable.
This makes sure Runtime_ArrayBufferNeuter fails gracefully on array buffers that are non-neuterable. Note that this runtime function is whitelisted on ClusterFuzz and otherwise only used for testing. R=cbruni@chromium.org BUG=chromium:743215,v8:6534 Change-Id: I5069e615468f8789bf4fd87bb1e093a18bfd0347 Reviewed-on: https://chromium-review.googlesource.com/574168Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46710}
4c50af93 · Michael Starzinger · Commit Bot · 1507efcd · 4c50af93
Commit 4c50af93 authored Jul 17, 2017 by Michael Starzinger Committed by Commit Bot Jul 17, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

runtime-typedarray.cc src/runtime/runtime-typedarray.cc +3 -1

No files found.
--- a/src/runtime/runtime-typedarray.cc
+++ b/src/runtime/runtime-typedarray.cc
@@ -33,7 +33,9 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferNeuter) {
        isolate, NewTypeError(MessageTemplate::kNotTypedArray));
  }
  Handle<JSArrayBuffer> array_buffer = Handle<JSArrayBuffer>::cast(argument);
-
+  if (!array_buffer->is_neuterable()) {
+    return isolate->heap()->undefined_value();
+  }
  if (array_buffer->backing_store() == NULL) {
    CHECK(Smi::kZero == array_buffer->byte_length());
    return isolate->heap()->undefined_value();