deps: V8: cherry-pick 81814ed44574

Original commit message: [promise] Avoid stack overflow with context promise hooks in C++ This was handled in JS but not in C++. Bug: chromium:236703, v8:11025 Change-Id: Ic9adc4ceb4d2af2614427fec459c3e950654572f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074460 Commit-Queue: Camillo Bruni <[email protected]> Reviewed-by: Victor Gomes <[email protected]> Cr-Commit-Position: refs/heads/master@{#76125} Refs: v8/v8@81814ed PR-URL: #39719 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
nodejs · Aug 16, 2021 · 103bf20 · 103bf20
1 parent 7e98845
commit 103bf20
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/deps/v8/src/objects/contexts.cc b/deps/v8/src/objects/contexts.cc
@@ -547,7 +547,15 @@ void NativeContext::RunPromiseHook(PromiseHookType type,
 
   Handle<Object> receiver = isolate->global_proxy();
 
-  if (Execution::Call(isolate, hook, receiver, argc, argv).is_null()) {
+  StackLimitCheck check(isolate);
+  bool failed = false;
+  if (check.HasOverflowed()) {
+    isolate->StackOverflow();
+    failed = true;
+  } else {
+    failed = Execution::Call(isolate, hook, receiver, argc, argv).is_null();
+  }
+  if (failed) {
     DCHECK(isolate->has_pending_exception());
     Handle<Object> exception(isolate->pending_exception(), isolate);
 

diff --git a/deps/v8/test/mjsunit/promise-hooks.js b/deps/v8/test/mjsunit/promise-hooks.js
@@ -273,3 +273,11 @@ exceptions();
 
   d8.promise.setHooks();
 })();
+
+(function overflow(){
+  d8.promise.setHooks(() => { new Promise(()=>{}) });
+  // Trigger overflow from JS code:
+  Promise.all([Promise.resolve(1)]);
+  %PerformMicrotaskCheckpoint();
+  d8.promise.setHooks();
+});