CHECK invalid arguments to CallSite constructor

This is a temporary measure to ensure clusterfuzz crashes at two dedicated sites until the CallSite constructor is made inaccessible from JS. R=yangguo@chromium.org BUG= Review-Url: https://codereview.chromium.org/2196263002 Cr-Commit-Position: refs/heads/master@{#38216}

CHECK invalid arguments to CallSite constructor
This is a temporary measure to ensure clusterfuzz crashes at two dedicated sites until the CallSite constructor is made inaccessible from JS. R=yangguo@chromium.org BUG= Review-Url: https://codereview.chromium.org/2196263002 Cr-Commit-Position: refs/heads/master@{#38216}
df4196db · jgruber · Commit bot · e3d10614 · df4196db
Commit df4196db authored Aug 01, 2016 by jgruber Committed by Commit bot Aug 01, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

messages.cc src/messages.cc +8 -4

No files found.
--- a/src/messages.cc
+++ b/src/messages.cc
@@ -916,9 +916,10 @@ MaybeHandle<Object> CallSiteUtils::Construct(
  }

  if (is_wasm_object) {
-    DCHECK(fun->IsSmi());
-    DCHECK(wasm::GetNumberOfFunctions(JSObject::cast(*receiver)) >
-           Smi::cast(*fun)->value());
+    // TODO(jgruber): Convert back to DCHECK once the callsite constructor is
+    // inaccessible from JS.
+    CHECK(fun->IsSmi() && (wasm::GetNumberOfFunctions(JSObject::cast(
+                               *receiver)) > Smi::cast(*fun)->value()));

    SET_CALLSITE_PROPERTY(obj, call_site_wasm_obj_symbol, receiver);
    SET_CALLSITE_PROPERTY(obj, call_site_wasm_func_index_symbol, fun);
@@ -928,7 +929,10 @@ MaybeHandle<Object> CallSiteUtils::Construct(
    SET_CALLSITE_PROPERTY(obj, call_site_function_symbol, fun);
  }

-  DCHECK(pos->IsSmi());
+  // TODO(jgruber): Convert back to DCHECK once the callsite constructor is
+  // inaccessible from JS.
+  CHECK(pos->IsSmi());
+
  SET_CALLSITE_PROPERTY(obj, call_site_position_symbol, pos);
  SET_CALLSITE_PROPERTY(
      obj, call_site_strict_symbol,