[intl] Fix OOM nullptr crash while calling clone()

Bug: chromium:1290612 Change-Id: If1e3030882786ccc0c6a9b42128bc1ac044f43f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445201Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#78986}

[intl] Fix OOM nullptr crash while calling clone()
Bug: chromium:1290612 Change-Id: If1e3030882786ccc0c6a9b42128bc1ac044f43f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445201Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#78986}
a13483e6 · Frank Tang · V8 LUCI CQ · 53abcef7 · a13483e6
Commit a13483e6 authored Feb 07, 2022 by Frank Tang Committed by V8 LUCI CQ Feb 08, 2022
Show whitespace changes
Inline Side-by-side

Showing with 27 additions and 13 deletions

js-date-time-format.cc src/objects/js-date-time-format.cc +27 -13

No files found.
--- a/src/objects/js-date-time-format.cc
+++ b/src/objects/js-date-time-format.cc
@@ -1458,24 +1458,38 @@ std::unique_ptr<icu::SimpleDateFormat> DateTimeStylePattern(
 class DateTimePatternGeneratorCache {
 public:
  // Return a clone copy that the caller have to free.
-  icu::DateTimePatternGenerator* CreateGenerator(const icu::Locale& locale) {
+  icu::DateTimePatternGenerator* CreateGenerator(Isolate* isolate,
+                                                 const icu::Locale& locale) {
    std::string key(locale.getName());
    base::MutexGuard guard(&mutex_);
    auto it = map_.find(key);
+    icu::DateTimePatternGenerator* orig;
    if (it != map_.end()) {
-      return it->second->clone();
-    }
+      DCHECK(it->second != nullptr);
+      orig = it->second.get();
+    } else {
      UErrorCode status = U_ZERO_ERROR;
-    map_[key].reset(
-        icu::DateTimePatternGenerator::createInstance(locale, status));
+      orig = icu::DateTimePatternGenerator::createInstance(locale, status);
+      // It may not be an U_MEMORY_ALLOCATION_ERROR.
      // Fallback to use "root".
      if (U_FAILURE(status)) {
        status = U_ZERO_ERROR;
-      map_[key].reset(
-          icu::DateTimePatternGenerator::createInstance("root", status));
+        orig = icu::DateTimePatternGenerator::createInstance("root", status);
      }
-    DCHECK(U_SUCCESS(status));
-    return map_[key]->clone();
+      if (U_SUCCESS(status) && orig != nullptr) {
+        map_[key].reset(orig);
+      } else {
+        DCHECK(status == U_MEMORY_ALLOCATION_ERROR);
+        V8::FatalProcessOutOfMemory(
+            isolate, "DateTimePatternGeneratorCache::CreateGenerator");
+      }
+    }
+    icu::DateTimePatternGenerator* clone = orig ? orig->clone() : nullptr;
+    if (clone == nullptr) {
+      V8::FatalProcessOutOfMemory(
+          isolate, "DateTimePatternGeneratorCache::CreateGenerator");
+    }
+    return clone;
  }

 private:
@@ -1622,7 +1636,7 @@ MaybeHandle<JSDateTimeFormat> JSDateTimeFormat::New(
      generator_cache = LAZY_INSTANCE_INITIALIZER;

  std::unique_ptr<icu::DateTimePatternGenerator> generator(
-      generator_cache.Pointer()->CreateGenerator(icu_locale));
+      generator_cache.Pointer()->CreateGenerator(isolate, icu_locale));

  // 15.Let hcDefault be dataLocaleData.[[hourCycle]].
  HourCycle hc_default = ToHourCycle(generator->getDefaultHourCycle(status));