Commit de26ce05 authored by adamk's avatar adamk Committed by Commit bot

[api] Relax CHECK for ArrayBuffer API abuse

Zero-length ArrayBuffers are allowed to have NULL backing stores.

BUG=522496
LOG=n

Review URL: https://codereview.chromium.org/1302803003

Cr-Commit-Position: refs/heads/master@{#30259}
parent 14495ba6
...@@ -6560,7 +6560,7 @@ Local<ArrayBuffer> v8::ArrayBuffer::New(Isolate* isolate, void* data, ...@@ -6560,7 +6560,7 @@ Local<ArrayBuffer> v8::ArrayBuffer::New(Isolate* isolate, void* data,
size_t byte_length, size_t byte_length,
ArrayBufferCreationMode mode) { ArrayBufferCreationMode mode) {
// Embedders must guarantee that the external backing store is valid. // Embedders must guarantee that the external backing store is valid.
CHECK(data != NULL); CHECK(byte_length == 0 || data != NULL);
i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
LOG_API(i_isolate, "v8::ArrayBuffer::New(void*, size_t)"); LOG_API(i_isolate, "v8::ArrayBuffer::New(void*, size_t)");
ENTER_V8(i_isolate); ENTER_V8(i_isolate);
...@@ -6759,7 +6759,7 @@ Local<SharedArrayBuffer> v8::SharedArrayBuffer::New( ...@@ -6759,7 +6759,7 @@ Local<SharedArrayBuffer> v8::SharedArrayBuffer::New(
ArrayBufferCreationMode mode) { ArrayBufferCreationMode mode) {
CHECK(i::FLAG_harmony_sharedarraybuffer); CHECK(i::FLAG_harmony_sharedarraybuffer);
// Embedders must guarantee that the external backing store is valid. // Embedders must guarantee that the external backing store is valid.
CHECK(data != NULL); CHECK(byte_length == 0 || data != NULL);
i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
LOG_API(i_isolate, "v8::SharedArrayBuffer::New(void*, size_t)"); LOG_API(i_isolate, "v8::SharedArrayBuffer::New(void*, size_t)");
ENTER_V8(i_isolate); ENTER_V8(i_isolate);
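Review bot: The comment above the relaxed CHECK in v8::ArrayBuffer::New still says only that the embedder must guarantee a valid backing store, so the new contract (a null `data` is accepted when `byte_length == 0`) is not documented where it is enforced; the same applies to the v8::SharedArrayBuffer::New hunk. I would extend both comments to `// Embedders must guarantee that the external backing store is valid; a NULL store is accepted only for zero-length buffers.` Both function bodies continue outside the hunks, so it cannot be confirmed from here that the later setup code and the eventual release path tolerate a null pointer with length 0. That is worth verifying, since this CHECK was the only guard visible at the API boundary.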
......
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
if (this.Worker) {
var worker = new Worker("onmessage = function(){}");
var buf = new ArrayBuffer();
worker.postMessage(buf, [buf]);
}
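Review bot: The SharedArrayBuffer::New CHECK relaxed in the same commit has no coverage in this test, which exercises only the transfer of a zero-length ArrayBuffer to a Worker. If the shared path can be reached from a test, a matching case would keep the two checks from drifting apart. The file also has no comment saying what it guards; a line such as `// Transferring a zero-length ArrayBuffer must not trip the backing-store CHECK (BUG=522496).` would explain why a test with no assertions exists.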