[inspector] Validate samplingInterval in HeapProfiler.startSampling

The HeapProfiler.startSampling method accepts a samplingInterval parameter, which is assumed to be a positive (non-zero) number, but doesn't validate the input (the renderer process just crashes hard on a CHECK instead). Fixed: chromium:1197392 Change-Id: Ib8e34f4b9881cd195214791ca0a3892e7b49bf55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891573 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/master@{#74523}

[inspector] Validate samplingInterval in HeapProfiler.startSampling
The HeapProfiler.startSampling method accepts a samplingInterval parameter, which is assumed to be a positive (non-zero) number, but doesn't validate the input (the renderer process just crashes hard on a CHECK instead). Fixed: chromium:1197392 Change-Id: Ib8e34f4b9881cd195214791ca0a3892e7b49bf55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891573 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/master@{#74523}
d50b5839 · Benedikt Meurer · V8 LUCI CQ · 03820443 · d50b5839 · d50b5839
Commit d50b5839 authored May 12, 2021 by Benedikt Meurer Committed by V8 LUCI CQ May 12, 2021
3 changed files
--- a/src/inspector/v8-heap-profiler-agent-impl.cc
+++ b/src/inspector/v8-heap-profiler-agent-impl.cc
@@ -379,6 +379,9 @@ Response V8HeapProfilerAgentImpl::startSampling(
  const unsigned defaultSamplingInterval = 1 << 15;
  double samplingIntervalValue =
      samplingInterval.fromMaybe(defaultSamplingInterval);
+  if (samplingIntervalValue <= 0.0) {
+    return Response::ServerError("Invalid sampling interval");
+  }
  m_state->setDouble(HeapProfilerAgentState::samplingHeapProfilerInterval,
                     samplingIntervalValue);
  m_state->setBoolean(HeapProfilerAgentState::samplingHeapProfilerEnabled,

--- a/test/inspector/regress/regress-crbug-1197392-expected.txt
+++ b/test/inspector/regress/regress-crbug-1197392-expected.txt
+Regression test for crbug.com/1197392
+
+Running test: testInvalidSamplingInterval
+{
+    error : {
+        code : -32000
+        message : Invalid sampling interval
+    }
+    id : <messageId>
+}
--- a/test/inspector/regress/regress-crbug-1197392.js
+++ b/test/inspector/regress/regress-crbug-1197392.js
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --sampling-heap-profiler-suppress-randomness
+
+let {contextGroup, Protocol} = InspectorTest.start('Regression test for crbug.com/1197392');
+
+InspectorTest.runAsyncTestSuite([
+  async function testInvalidSamplingInterval() {
+    await Protocol.HeapProfiler.enable();
+    const message = await Protocol.HeapProfiler.startSampling({samplingInterval: 0});
+    InspectorTest.logMessage(message);
+    await Protocol.HeapProfiler.disable();
+  }
+]);