[runtime] Make %ArrayBufferNeuter fuzzable.

This makes sure Runtime_ArrayBufferNeuter fails gracefully on array buffers that are non-neuterable. Note that this runtime function is whitelisted on ClusterFuzz and otherwise only used for testing. R=cbruni@chromium.org BUG=chromium:743215,v8:6534 Change-Id: I5069e615468f8789bf4fd87bb1e093a18bfd0347 Reviewed-on: https://chromium-review.googlesource.com/574168 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46710}
2017-07-17 12:46:37 +02:00 · 2017-07-17 12:46:37 +02:00 · 4c50af9358
commit 4c50af9358
parent 1507efcde0
1 changed files with 3 additions and 1 deletions
--- a/src/runtime/runtime-typedarray.cc
+++ b/src/runtime/runtime-typedarray.cc
@ -33,7 +33,9 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferNeuter) {
        isolate, NewTypeError(MessageTemplate::kNotTypedArray));
  }
  Handle<JSArrayBuffer> array_buffer = Handle<JSArrayBuffer>::cast(argument);
-
+  if (!array_buffer->is_neuterable()) {
+    return isolate->heap()->undefined_value();
+  }
  if (array_buffer->backing_store() == NULL) {
    CHECK(Smi::kZero == array_buffer->byte_length());
    return isolate->heap()->undefined_value();