include · 91f0cd00820a6e8d4567c1ce3a51d48a28165ab5 · Linshizhi / V8

[ubsan] Fix various ClusterFuzz-found issues · 91f0cd00

Jakob Kummerow authored Mar 06, 2019

Fixing a few float and int overflows.
Drive-by fix: with --experimental-wasm-bigint, Number values
may not be used to initialize i64-typed globals. The existing
code for doing that relied on UB; since it's a spec violation
the fix is to throw instead.

No regression test for 933103 because it will OOM anyway.
No regression test for 932896 because it would be extremely slow.

Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60075}

91f0cd00

Name	Last commit	Last update
..
libplatform		Loading commit data...
APIDesign.md		Loading commit data...
DEPS		Loading commit data...
OWNERS		Loading commit data...
v8-inspector-protocol.h		Loading commit data...
v8-inspector.h		Loading commit data...
v8-internal.h		Loading commit data...
v8-platform.h		Loading commit data...
v8-profiler.h		Loading commit data...
v8-testing.h		Loading commit data...
v8-util.h		Loading commit data...
v8-value-serializer-version.h		Loading commit data...
v8-version-string.h		Loading commit data...
v8-version.h		Loading commit data...
v8-wasm-trap-handler-posix.h		Loading commit data...
v8-wasm-trap-handler-win.h		Loading commit data...
v8.h		Loading commit data...
v8config.h		Loading commit data...