ValueSerializer: Fail decode if no memory is available when decoding ArrayBuffer.

BUG=chromium:681843 Review-Url: https://codereview.chromium.org/2645673002 Cr-Commit-Position: refs/heads/master@{#42510}

ValueSerializer: Fail decode if no memory is available when decoding ArrayBuffer.
BUG=chromium:681843 Review-Url: https://codereview.chromium.org/2645673002 Cr-Commit-Position: refs/heads/master@{#42510}
5e30385d · jbroman · Commit bot · 4cf44599 · 5e30385d · 5e30385d
Commit 5e30385d authored Jan 19, 2017 by jbroman Committed by Commit bot Jan 19, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 2 deletions

value-serializer.cc src/value-serializer.cc +4 -2

value-serializer-unittest.cc test/unittests/value-serializer-unittest.cc +32 -0

No files found.
--- a/src/value-serializer.cc
+++ b/src/value-serializer.cc
@@ -1459,8 +1459,10 @@ MaybeHandle<JSArrayBuffer> ValueDeserializer::ReadJSArrayBuffer() {
  const bool should_initialize = false;
  Handle<JSArrayBuffer> array_buffer =
      isolate_->factory()->NewJSArrayBuffer(SharedFlag::kNotShared, pretenure_);
-  JSArrayBuffer::SetupAllocatingData(array_buffer, isolate_, byte_length,
-                                     should_initialize);
+  if (!JSArrayBuffer::SetupAllocatingData(array_buffer, isolate_, byte_length,
+                                          should_initialize)) {
+    return MaybeHandle<JSArrayBuffer>();
+  }
  memcpy(array_buffer->backing_store(), position_, byte_length);
  position_ += byte_length;
  AddObjectWithID(id, array_buffer);

--- a/test/unittests/value-serializer-unittest.cc
+++ b/test/unittests/value-serializer-unittest.cc
@@ -1744,6 +1744,38 @@ TEST_F(ValueSerializerTest, DecodeInvalidArrayBuffer) {
  InvalidDecodeTest({0xff, 0x09, 0x42, 0xff, 0xff, 0x00});
 }

+// An array buffer allocator that never has available memory.
+class OOMArrayBufferAllocator : public ArrayBuffer::Allocator {
+ public:
+  void* Allocate(size_t) override { return nullptr; }
+  void* AllocateUninitialized(size_t) override { return nullptr; }
+  void Free(void*, size_t) override {}
+};
+
+TEST_F(ValueSerializerTest, DecodeArrayBufferOOM) {
+  // This test uses less of the harness, because it has to customize the
+  // isolate.
+  OOMArrayBufferAllocator allocator;
+  Isolate::CreateParams params;
+  params.array_buffer_allocator = &allocator;
+  Isolate* isolate = Isolate::New(params);
+  Isolate::Scope isolate_scope(isolate);
+  HandleScope handle_scope(isolate);
+  Local<Context> context = Context::New(isolate);
+  Context::Scope context_scope(context);
+  TryCatch try_catch(isolate);
+
+  const std::vector<uint8_t> data = {0xff, 0x09, 0x3f, 0x00, 0x42,
+                                     0x03, 0x00, 0x80, 0xff, 0x00};
+  ValueDeserializer deserializer(isolate, &data[0],
+                                 static_cast<int>(data.size()), nullptr);
+  deserializer.SetSupportsLegacyWireFormat(true);
+  ASSERT_TRUE(deserializer.ReadHeader(context).FromMaybe(false));
+  ASSERT_FALSE(try_catch.HasCaught());
+  EXPECT_TRUE(deserializer.ReadValue(context).IsEmpty());
+  EXPECT_TRUE(try_catch.HasCaught());
+}
+
 // Includes an ArrayBuffer wrapper marked for transfer from the serialization
 // context to the deserialization context.
 class ValueSerializerTestWithArrayBufferTransfer : public ValueSerializerTest {