• [ubsan] Fix various ClusterFuzz-found issues · 91f0cd00
    Jakob Kummerow authored
    Fixing a few float and int overflows.
    Drive-by fix: with --experimental-wasm-bigint, Number values
    may not be used to initialize i64-typed globals. The existing
    code for doing that relied on UB; since it's a spec violation
    the fix is to throw instead.
    
    No regression test for 933103 because it will OOM anyway.
    No regression test for 932896 because it would be extremely slow.
    
    Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
    Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
    Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
    Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60075}
allocation-site-inl.h
allocation-site.h
api-callbacks-inl.h
api-callbacks.h
arguments-inl.h
arguments.h
bigint.cc
bigint.h
builtin-function-id.h
cell-inl.h
cell.h
code-inl.h
code.cc
code.h
compilation-cache-inl.h
compilation-cache.h
compressed-slots-inl.h
compressed-slots.h
data-handler-inl.h
data-handler.h
debug-objects-inl.h
debug-objects.cc
debug-objects.h
descriptor-array-inl.h
descriptor-array.h
dictionary-inl.h
dictionary.h
embedder-data-array-inl.h
embedder-data-array.cc
embedder-data-array.h
embedder-data-slot-inl.h
embedder-data-slot.h
feedback-cell-inl.h
feedback-cell.h
fixed-array-inl.h
fixed-array.h
foreign-inl.h
foreign.h
frame-array-inl.h
frame-array.h
free-space-inl.h
free-space.h
hash-table-inl.h
hash-table.h
heap-number-inl.h
heap-number.h
heap-object-inl.h
heap-object.h
instance-type-inl.h
instance-type.h
intl-objects.cc
intl-objects.h
js-array-buffer-inl.h
js-array-buffer.cc
js-array-buffer.h
js-array-inl.h
js-array.h
js-break-iterator-inl.h
js-break-iterator.cc
js-break-iterator.h
js-collator-inl.h
js-collator.cc
js-collator.h
js-collection-inl.h
js-collection.h
js-date-time-format-inl.h
js-date-time-format.cc
js-date-time-format.h
js-generator-inl.h
js-generator.h
js-list-format-inl.h
js-list-format.cc
js-list-format.h
js-locale-inl.h
js-locale.cc
js-locale.h
js-number-format-inl.h
js-number-format.cc
js-number-format.h
js-objects-inl.h
js-objects.cc
js-objects.h
js-plural-rules-inl.h
js-plural-rules.cc
js-plural-rules.h
js-promise-inl.h
js-promise.h
js-proxy-inl.h
js-proxy.h
js-regexp-inl.h
js-regexp-string-iterator-inl.h
js-regexp-string-iterator.h
js-regexp.h
js-relative-time-format-inl.h
js-relative-time-format.cc
js-relative-time-format.h
js-segment-iterator-inl.h
js-segment-iterator.cc
js-segment-iterator.h
js-segmenter-inl.h
js-segmenter.cc
js-segmenter.h
js-weak-refs-inl.h
js-weak-refs.h
literal-objects-inl.h
literal-objects.cc
literal-objects.h
managed.cc
managed.h
map-inl.h
map.cc
map.h
maybe-object-inl.h
maybe-object.h
microtask-inl.h
microtask.h
module-inl.h
module.cc
module.h
name-inl.h
name.h
object-macros-undef.h
object-macros.h
oddball-inl.h
oddball.h
ordered-hash-table-inl.h
ordered-hash-table.cc
ordered-hash-table.h
promise-inl.h
promise.h
property-array-inl.h
property-array.h
property-cell-inl.h
property-cell.h
property-descriptor-object-inl.h
property-descriptor-object.h
prototype-info-inl.h
prototype-info.h
regexp-match-info.h
scope-info.cc
scope-info.h
script-inl.h
script.h
shared-function-info-inl.h
shared-function-info.h
slots-atomic-inl.h
slots-inl.h
slots.h
smi-inl.h
smi.h
stack-frame-info-inl.h
stack-frame-info.cc
stack-frame-info.h
string-comparator.cc
string-comparator.h
string-inl.h
string-table-inl.h
string-table.h
string.cc
string.h
struct-inl.h
struct.h
template-objects-inl.h
template-objects.cc
template-objects.h
templates-inl.h
templates.h