Skip to content

V
V8
Commit df1f72bb authored by binji's avatar binji Committed by Commit bot
Browse files
Options

[d8 worker] Fix regression when serializing very large arraybuffer 

BUG=chromium:514081
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1264723002

Cr-Commit-Position: refs/heads/master@{#29982}
parent ed3e5d1f
Hide whitespace changes
Inline Side-by-side
Showing with 19 additions and 5 deletions
src/d8.cc
View file @ df1f72bb
...@@ -2077,16 +2077,15 @@ bool Shell::SerializeValue(Isolate* isolate, Local<Value> value, ...@@ -2077,16 +2077,15 @@ bool Shell::SerializeValue(Isolate* isolate, Local<Value> value,
} else { } else {
ArrayBuffer::Contents contents = array_buffer->GetContents(); ArrayBuffer::Contents contents = array_buffer->GetContents();
// Clone ArrayBuffer // Clone ArrayBuffer
if (contents.ByteLength() > i::kMaxUInt32) { if (contents.ByteLength() > i::kMaxInt) {
Throw(isolate, "ArrayBuffer is too big to clone"); Throw(isolate, "ArrayBuffer is too big to clone");
return false; return false;
} }
int byte_length = static_cast<int>(contents.ByteLength()); int32_t byte_length = static_cast<int32_t>(contents.ByteLength());
out_data->WriteTag(kSerializationTagArrayBuffer); out_data->WriteTag(kSerializationTagArrayBuffer);
out_data->Write(byte_length); out_data->Write(byte_length);
out_data->WriteMemory(contents.Data(), out_data->WriteMemory(contents.Data(), byte_length);
static_cast<int>(contents.ByteLength()));
} }
} else if (value->IsSharedArrayBuffer()) { } else if (value->IsSharedArrayBuffer()) {
Local<SharedArrayBuffer> sab = Local<SharedArrayBuffer>::Cast(value); Local<SharedArrayBuffer> sab = Local<SharedArrayBuffer>::Cast(value);
...@@ -2212,7 +2211,7 @@ MaybeLocal<Value> Shell::DeserializeValue(Isolate* isolate, ...@@ -2212,7 +2211,7 @@ MaybeLocal<Value> Shell::DeserializeValue(Isolate* isolate,
break; break;
} }
case kSerializationTagArrayBuffer: { case kSerializationTagArrayBuffer: {
int byte_length = data.Read<int>(offset); int32_t byte_length = data.Read<int32_t>(offset);
Local<ArrayBuffer> array_buffer = ArrayBuffer::New(isolate, byte_length); Local<ArrayBuffer> array_buffer = ArrayBuffer::New(isolate, byte_length);
ArrayBuffer::Contents contents = array_buffer->GetContents(); ArrayBuffer::Contents contents = array_buffer->GetContents();
DCHECK(static_cast<size_t>(byte_length) == contents.ByteLength()); DCHECK(static_cast<size_t>(byte_length) == contents.ByteLength());
......
test/mjsunit/regress/regress-crbug-514081.js 0 → 100644
View file @ df1f72bb
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
if (this.Worker) {
var __v_7 = new Worker('onmessage = function() {};');
try {
var ab = new ArrayBuffer(2147483648);
// If creating the ArrayBuffer succeeded, then postMessage should fail.
assertThrows(function() { __v_7.postMessage(ab); });
} catch (e) {
// Creating the ArrayBuffer failed.
assertInstanceof(e, RangeError);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment