From f3e8bea6b72977b0af7f8c597c66902b225aa1cf Mon Sep 17 00:00:00 2001 From: Ali Ijaz Sheikh Date: Mon, 20 Mar 2017 10:04:48 -0700 Subject: [PATCH] deps: cherry-pick ca0f9573 from V8 upstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original commit message: Trigger OOM crash if no memory returned in v8::ArrayBuffer::New and v… …8::SharedArrayBuffer::New. This API does not allow reporting failure, but we should crash rather than have the caller get an ArrayBuffer that isn't properly set up. BUG=chromium:681843 Review-Url: https://codereview.chromium.org/2641953002 Cr-Commit-Position: refs/heads/master@{#42511} PR-URL: https://github.com/nodejs/node/pull/11940 Reviewed-By: Anna Henningsen Reviewed-By: James M Snell Reviewed-By: Ben Noordhuis
---
 deps/v8z/include/v8-version.h | 2 +- deps/v8z/src/api.cc | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/deps/v8z/include/v8-version.h b/deps/v8z/include/v8-version.h
index fc3292b05ff..2101944d147 100644
--- a/deps/v8z/include/v8-version.h
+++ b/deps/v8z/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 4
 #define V8_MINOR_VERSION 5
 #define V8_BUILD_NUMBER 103
-#define V8_PATCH_LEVEL 46
+#define V8_PATCH_LEVEL 47
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8z/src/api.cc b/deps/v8z/src/api.cc
index ec0f805876f..594d2ebcf20 100644
--- a/deps/v8z/src/api.cc
+++ b/deps/v8z/src/api.cc
@@ -6580,7 +6580,11 @@ Local v8::ArrayBuffer::New(Isolate* isolate, size_t byte_length) {
 ENTER_V8(i_isolate);
 i::Handle obj =
 i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kNotShared);
- i::Runtime::SetupArrayBufferAllocatingData(i_isolate, obj, byte_length);
+ // TODO(jbroman): It may be useful in the future to provide a MaybeLocal
+ // version that throws an exception or otherwise does not crash.
+ if (!i::Runtime::SetupArrayBufferAllocatingData(i_isolate, obj, byte_length)) {
+ i::FatalProcessOutOfMemory("v8::ArrayBuffer::New");
+ }
 return Utils::ToLocal(obj);
 }
@@ -6775,8 +6779,12 @@ Local v8::SharedArrayBuffer::New(Isolate* isolate,
 ENTER_V8(i_isolate);
 i::Handle obj =
 i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kShared);
- i::Runtime::SetupArrayBufferAllocatingData(i_isolate, obj, byte_length, true,
- i::SharedFlag::kShared);
+ // TODO(jborman): It may be useful in the future to provide a MaybeLocal
+ // version that throws an exception or otherwise does not crash.
+ if (!i::Runtime::SetupArrayBufferAllocatingData(i_isolate, obj, byte_length, true,
+ i::SharedFlag::kShared)) {
+ i::FatalProcessOutOfMemory("v8::SharedArrayBuffer::New");
+ }
 return Utils::ToLocalShared(obj);
 }
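Review bot: The comment above the new `if` in v8::ArrayBuffer::New describes only a possible future API and does not say that the current one now terminates the process when the backing store cannot be allocated. `byte_length` is passed in by the caller, so an embedder that forwards an externally influenced size can be made to abort. That is safer than handing back a buffer that was never set up, but it is a contract change callers need to know about. I would add a line such as `// byte_length is caller-supplied; a failed allocation aborts the process here, so embedders must bound it first.` above the `if`, and presumably mirror it on the public declaration, which is not visible in this diff. The same applies to v8::SharedArrayBuffer::New in the following hunk. The function body starts outside the hunk.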
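Review bot: The TODO owner in the v8::SharedArrayBuffer::New hunk is spelled `jborman`, while the identical TODO in the v8::ArrayBuffer::New hunk uses `jbroman`. One of the two is a typo, and a mismatched owner tag means a grep for the owner's TODOs misses this one. Assuming the first spelling is the intended one, the line should read `// TODO(jbroman): It may be useful in the future to provide a MaybeLocal`. If the typo comes from the upstream commit, keeping the cherry-pick byte-identical may be preferable, in which case fix it upstream.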