Commit e4cc9557 authored by jbroman's avatar jbroman Committed by Commit bot

ValueSerializer: Check for no matching ArrayBufferView type being found.

Previously this would result in trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
parent 9ef4c3af
......@@ -1410,7 +1410,8 @@ MaybeHandle<JSArrayBufferView> ValueDeserializer::ReadJSArrayBufferView(
TYPED_ARRAYS(TYPED_ARRAY_CASE)
#undef TYPED_ARRAY_CASE
}
if (byte_offset % element_size != 0 || byte_length % element_size != 0) {
if (element_size == 0 || byte_offset % element_size != 0 ||
byte_length % element_size != 0) {
return MaybeHandle<JSArrayBufferView>();
}
Handle<JSTypedArray> typed_array = isolate_->factory()->NewJSTypedArray(
......
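Review bot: The added `element_size == 0` test on the `if` line acts as the "no view type matched" check, but nothing at that line says so. It only works if `element_size` still holds a zero initial value when the switch above matches no case; that initialisation is outside this hunk and should be confirmed. I would add a comment above the condition, for example `// element_size is still 0 if the tag read from the serialized data matched no TYPED_ARRAYS case.`, so the guard is not later mistaken for dead code and removed. ReadJSArrayBufferView starts and ends outside the hunk.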
......@@ -1984,6 +1984,9 @@ TEST_F(ValueSerializerTest, DecodeInvalidTypedArray) {
// Byte length not divisible by element size.
InvalidDecodeTest(
{0xff, 0x09, 0x42, 0x04, 0x00, 0x00, 0x00, 0x00, 0x56, 0x77, 0x02, 0x01});
// Invalid view type (0xff).
InvalidDecodeTest(
{0xff, 0x09, 0x42, 0x02, 0x00, 0x00, 0x56, 0xff, 0x01, 0x01});
}
TEST_F(ValueSerializerTest, RoundTripDataView) {
......
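Review bot: The comment on the added case, `// Invalid view type (0xff).`, does not record that this input is a crash regression. According to the commit description, the pre-fix behaviour was a SIGFPE rather than a wrong result. I would extend it to something like `// Invalid view type (0xff); previously hit a modulo by zero (SIGFPE) instead of failing to decode.` so nobody drops the case as redundant with the divisibility checks above it. The test body starts outside the hunk.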