[wasm] Check the result of Promise::Resolver
We check that if we do not get a result, or if we get a negative result, then there has to be a scheduled exception. R=clemensh@chromium.org TEST=mjsunit/regress/wasm/regression-704127 BUG=chromium:704127 Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5 Reviewed-on: https://chromium-review.googlesource.com/458282 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44144}
This commit is contained in:
Andreas Haas
Commit Bot
parent
3d82e557ae
commit
6ad5ca59c9
@ -192,7 +192,8 @@ void WebAssemblyCompile(const v8::FunctionCallbackInfo<v8::Value>& args) {
|
||||
auto bytes = GetFirstArgumentAsBytes(args, &thrower);
|
||||
if (!IsCompilationAllowed(i_isolate, &thrower, args[0], true)) {
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
DCHECK(!thrower.error());
|
||||
@ -347,7 +348,8 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
|
||||
"Argument 0 must be provided and must be either a buffer source or a "
|
||||
"WebAssembly.Module object");
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
|
||||
@ -356,20 +358,23 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
|
||||
thrower.TypeError(
|
||||
"Argument 0 must be a buffer source or a WebAssembly.Module object");
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
|
||||
auto maybe_imports = GetSecondArgumentAsImports(args, &thrower);
|
||||
if (thrower.error()) {
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
if (!IsInstantiationAllowed(i_isolate, &thrower, args[0], maybe_imports,
|
||||
true)) {
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
i::Handle<i::JSPromise> promise = Utils::OpenHandle(*resolver->GetPromise());
|
||||
@ -383,7 +388,8 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
|
||||
auto bytes = GetFirstArgumentAsBytes(args, &thrower);
|
||||
if (thrower.error()) {
|
||||
auto maybe = resolver->Reject(context, Utils::ToLocal(thrower.Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false),
|
||||
i_isolate->has_scheduled_exception());
|
||||
return;
|
||||
}
|
||||
i::wasm::AsyncCompileAndInstantiate(i_isolate, promise, bytes,
|
||||
|
||||
@ -2875,7 +2875,7 @@ void RejectPromise(Isolate* isolate, ErrorThrower* thrower,
|
||||
Handle<Context> context(isolate->context(), isolate);
|
||||
auto maybe = resolver->Reject(v8::Utils::ToLocal(context),
|
||||
v8::Utils::ToLocal(thrower->Reify()));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false), isolate->has_scheduled_exception());
|
||||
}
|
||||
|
||||
void ResolvePromise(Isolate* isolate, Handle<JSPromise> promise,
|
||||
@ -2885,7 +2885,7 @@ void ResolvePromise(Isolate* isolate, Handle<JSPromise> promise,
|
||||
Handle<Context> context(isolate->context(), isolate);
|
||||
auto maybe = resolver->Resolve(v8::Utils::ToLocal(context),
|
||||
v8::Utils::ToLocal(result));
|
||||
CHECK(!maybe.IsNothing());
|
||||
CHECK_IMPLIES(!maybe.FromMaybe(false), isolate->has_scheduled_exception());
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
15
test/mjsunit/regress/wasm/regression-704127.js
Normal file
15
test/mjsunit/regress/wasm/regression-704127.js
Normal file
@ -0,0 +1,15 @@
|
||||
// Copyright 2017 the V8 project authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
assertThrows( () => {
|
||||
var v4 = {};
|
||||
Object.prototype.__defineGetter__(0, function() {
|
||||
this[0] = 1;
|
||||
})
|
||||
Object.prototype.__defineSetter__(0, function() {
|
||||
WebAssembly.compile();
|
||||
this[0] = v4;
|
||||
});
|
||||
v14 = new Intl.Collator();
|
||||
var v34 = eval("");}, RangeError);
|
||||
Loading…
Reference in New Issue
Block a user