Check for INT64_MIN / -1 under SignedMulOverflow64

Bug: chromium:1392928, v8:9407 Change-Id: I0cf75d27a8e2db74f735c32461c02dbab098590d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4058066 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#84502}
2022-11-25 16:02:17 -05:00 · 2022-11-25 16:02:17 -05:00 · 515e863e4f
commit 515e863e4f
parent 7d61e9aaa5
1 changed files with 7 additions and 0 deletions
--- a/src/base/bits.h
+++ b/src/base/bits.h
@ -343,6 +343,13 @@ inline bool SignedMulOverflow64(int64_t lhs, int64_t rhs, int64_t* val) {
  int64_t res = base::bit_cast<int64_t>(static_cast<uint64_t>(lhs) *
                                        static_cast<uint64_t>(rhs));
  *val = res;
+
+  // Check for INT64_MIN / -1 as it's undefined behaviour and could cause
+  // hardware exceptions.
+  if ((res == INT64_MIN && lhs == -1)) {
+    return true;
+  }
+
  return lhs != 0 && (res / lhs) != rhs;
 #endif
 }