[api] Guard for large values in AdjustAmountOfExternalAllocatedMemory

Guard for extremely large and small values passed to Isolate::AdjustAmountOfExternalAllocatedMemory from the embedder. Bug: chromium:1147372 Change-Id: Ib1470bdf2dd16cbc6e61dd1bca97fa5a66f04c77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543925 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#71241}

[api] Guard for large values in AdjustAmountOfExternalAllocatedMemory
Guard for extremely large and small values passed to Isolate::AdjustAmountOfExternalAllocatedMemory from the embedder. Bug: chromium:1147372 Change-Id: Ib1470bdf2dd16cbc6e61dd1bca97fa5a66f04c77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543925 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#71241}
bf52ff62 · Dominik Inführ · Commit Bot · 6d10bcb7 · bf52ff62
Commit bf52ff62 authored Nov 17, 2020 by Dominik Inführ Committed by Commit Bot Nov 17, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

api.cc src/api/api.cc +8 -0

No files found.
--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -8734,6 +8734,14 @@ size_t Isolate::NumberOfPhantomHandleResetsSinceLastCall() {

 int64_t Isolate::AdjustAmountOfExternalAllocatedMemory(
    int64_t change_in_bytes) {
+  // Try to check for unreasonably large or small values from the embedder.
+  const int64_t kMaxReasonableBytes = int64_t(1) << 60;
+  const int64_t kMinReasonableBytes = -kMaxReasonableBytes;
+  STATIC_ASSERT(kMaxReasonableBytes >= i::JSArrayBuffer::kMaxByteLength);
+
+  CHECK(kMinReasonableBytes <= change_in_bytes &&
+        change_in_bytes < kMaxReasonableBytes);
+
  i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(this);
  int64_t amount = i_isolate->heap()->update_external_memory(change_in_bytes);