Separate array length and capacity errors from OOMs.
Bug: chromium:1198188 Change-Id: I7f4a9e67a435fcb4b564599c5dd27c386bef143b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831480 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#74015}
This commit is contained in:
parent
a1c66099ed
commit
7564f6584e
@ -128,7 +128,8 @@ Handle<FixedArrayBase> FactoryBase<Impl>::NewFixedDoubleArray(
|
|||||||
int length, AllocationType allocation) {
|
int length, AllocationType allocation) {
|
||||||
if (length == 0) return impl()->empty_fixed_array();
|
if (length == 0) return impl()->empty_fixed_array();
|
||||||
if (length < 0 || length > FixedDoubleArray::kMaxLength) {
|
if (length < 0 || length > FixedDoubleArray::kMaxLength) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid array length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
int size = FixedDoubleArray::SizeFor(length);
|
int size = FixedDoubleArray::SizeFor(length);
|
||||||
Map map = read_only_roots().fixed_double_array_map();
|
Map map = read_only_roots().fixed_double_array_map();
|
||||||
@ -172,7 +173,8 @@ template <typename Impl>
|
|||||||
Handle<ByteArray> FactoryBase<Impl>::NewByteArray(int length,
|
Handle<ByteArray> FactoryBase<Impl>::NewByteArray(int length,
|
||||||
AllocationType allocation) {
|
AllocationType allocation) {
|
||||||
if (length < 0 || length > ByteArray::kMaxLength) {
|
if (length < 0 || length > ByteArray::kMaxLength) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid array length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
int size = ByteArray::SizeFor(length);
|
int size = ByteArray::SizeFor(length);
|
||||||
HeapObject result = AllocateRawWithImmortalMap(
|
HeapObject result = AllocateRawWithImmortalMap(
|
||||||
@ -189,7 +191,8 @@ Handle<BytecodeArray> FactoryBase<Impl>::NewBytecodeArray(
|
|||||||
int length, const byte* raw_bytecodes, int frame_size, int parameter_count,
|
int length, const byte* raw_bytecodes, int frame_size, int parameter_count,
|
||||||
Handle<FixedArray> constant_pool) {
|
Handle<FixedArray> constant_pool) {
|
||||||
if (length < 0 || length > BytecodeArray::kMaxLength) {
|
if (length < 0 || length > BytecodeArray::kMaxLength) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid array length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
// Bytecode array is AllocationType::kOld, so constant pool array should be
|
// Bytecode array is AllocationType::kOld, so constant pool array should be
|
||||||
// too.
|
// too.
|
||||||
@ -691,7 +694,8 @@ template <typename Impl>
|
|||||||
Handle<FreshlyAllocatedBigInt> FactoryBase<Impl>::NewBigInt(
|
Handle<FreshlyAllocatedBigInt> FactoryBase<Impl>::NewBigInt(
|
||||||
int length, AllocationType allocation) {
|
int length, AllocationType allocation) {
|
||||||
if (length < 0 || length > BigInt::kMaxLength) {
|
if (length < 0 || length > BigInt::kMaxLength) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid BigInt length");
|
FATAL("Fatal JavaScript invalid BigInt length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
HeapObject result = AllocateRawWithImmortalMap(
|
HeapObject result = AllocateRawWithImmortalMap(
|
||||||
BigInt::SizeFor(length), allocation, read_only_roots().bigint_map());
|
BigInt::SizeFor(length), allocation, read_only_roots().bigint_map());
|
||||||
@ -825,7 +829,8 @@ template <typename Impl>
|
|||||||
HeapObject FactoryBase<Impl>::AllocateRawFixedArray(int length,
|
HeapObject FactoryBase<Impl>::AllocateRawFixedArray(int length,
|
||||||
AllocationType allocation) {
|
AllocationType allocation) {
|
||||||
if (length < 0 || length > FixedArray::kMaxLength) {
|
if (length < 0 || length > FixedArray::kMaxLength) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid array length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
return AllocateRawArray(FixedArray::SizeFor(length), allocation);
|
return AllocateRawArray(FixedArray::SizeFor(length), allocation);
|
||||||
}
|
}
|
||||||
@ -834,7 +839,8 @@ template <typename Impl>
|
|||||||
HeapObject FactoryBase<Impl>::AllocateRawWeakArrayList(
|
HeapObject FactoryBase<Impl>::AllocateRawWeakArrayList(
|
||||||
int capacity, AllocationType allocation) {
|
int capacity, AllocationType allocation) {
|
||||||
if (capacity < 0 || capacity > WeakArrayList::kMaxCapacity) {
|
if (capacity < 0 || capacity > WeakArrayList::kMaxCapacity) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid WeakArray capacity %d error", capacity);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
return AllocateRawArray(WeakArrayList::SizeForCapacity(capacity), allocation);
|
return AllocateRawArray(WeakArrayList::SizeForCapacity(capacity), allocation);
|
||||||
}
|
}
|
||||||
@ -878,8 +884,9 @@ FactoryBase<Impl>::NewSwissNameDictionaryWithCapacity(
|
|||||||
return read_only_roots().empty_swiss_property_dictionary_handle();
|
return read_only_roots().empty_swiss_property_dictionary_handle();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (capacity > SwissNameDictionary::MaxCapacity()) {
|
if (capacity < 0 || capacity > SwissNameDictionary::MaxCapacity()) {
|
||||||
isolate()->FatalProcessOutOfHeapMemory("invalid table size");
|
FATAL("Fatal JavaScript invalid dictionary capacity %d error", capacity);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
|
|
||||||
int meta_table_length = SwissNameDictionary::MetaTableSizeFor(capacity);
|
int meta_table_length = SwissNameDictionary::MetaTableSizeFor(capacity);
|
||||||
|
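Review bot: None of the rewritten bounds checks says why an out-of-range length is now reported with FATAL instead of FatalProcessOutOfHeapMemory, even though the check runs before any allocation is attempted and so signals a caller bug rather than memory pressure; this applies at the -128 hunk and equally at -172, -189, -691, -825, -834 and -878 here, and at -413 in the NewUninitializedFixedArray hunk. A one-line comment above the first check, `// An out-of-range length is a caller bug, not memory pressure: fail before allocating so the crash is not bucketed as an OOM.`, would record the intent, and since the same three lines now appear at every site a small helper taking the kind name and the value would keep the messages uniform (the WeakArray, dictionary and BigInt sites already word theirs differently). The `UNREACHABLE();` added after each FATAL is dead if FATAL is declared noreturn, which V8_Fatal is as far as I recall; if it is kept for toolchains that do not see the annotation, saying so in a comment would save the next reader the question. The enclosing functions start and end outside these hunks.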
@ -413,7 +413,8 @@ MaybeHandle<FixedArray> Factory::TryNewFixedArray(
|
|||||||
Handle<FixedArray> Factory::NewUninitializedFixedArray(int length) {
|
Handle<FixedArray> Factory::NewUninitializedFixedArray(int length) {
|
||||||
if (length == 0) return empty_fixed_array();
|
if (length == 0) return empty_fixed_array();
|
||||||
if (length < 0 || length > FixedArray::kMaxLength) {
|
if (length < 0 || length > FixedArray::kMaxLength) {
|
||||||
isolate()->heap()->FatalProcessOutOfMemory("invalid array length");
|
FATAL("Fatal JavaScript invalid array length %d error", length);
|
||||||
|
UNREACHABLE();
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(ulan): As an experiment this temporarily returns an initialized fixed
|
// TODO(ulan): As an experiment this temporarily returns an initialized fixed
|
||||||
|
@ -13,7 +13,7 @@ using NewUninitializedFixedArrayTest = TestWithIsolateAndZone;
|
|||||||
|
|
||||||
TEST_F(NewUninitializedFixedArrayTest, ThrowOnNegativeLength) {
|
TEST_F(NewUninitializedFixedArrayTest, ThrowOnNegativeLength) {
|
||||||
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewUninitializedFixedArray(-1); },
|
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewUninitializedFixedArray(-1); },
|
||||||
"Fatal javascript OOM in invalid array length");
|
"Fatal JavaScript invalid array length -1 error");
|
||||||
}
|
}
|
||||||
|
|
||||||
} // namespace internal
|
} // namespace internal
|
||||||
|
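Review bot: Both updated death tests (here and the NewFixedDoubleArrayTest hunk at -13) still exercise only the negative length, so the upper bound that the same check rejects stays untested; because the check precedes any allocation, `factory()->NewUninitializedFixedArray(FixedArray::kMaxLength + 1)` would be a cheap second case, assuming kMaxLength + 1 does not overflow int, which a heap-size-derived bound should not. The expected string is matched as a regular expression by ASSERT_DEATH_IF_SUPPORTED and the new message embeds the value, so that second case could match on `"Fatal JavaScript invalid array length"` without spelling out the number.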
@ -13,7 +13,7 @@ using NewFixedDoubleArrayTest = TestWithIsolateAndZone;
|
|||||||
|
|
||||||
TEST_F(NewFixedDoubleArrayTest, ThrowOnNegativeLength) {
|
TEST_F(NewFixedDoubleArrayTest, ThrowOnNegativeLength) {
|
||||||
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewFixedDoubleArray(-1); },
|
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewFixedDoubleArray(-1); },
|
||||||
"Fatal javascript OOM in invalid array length");
|
"Fatal JavaScript invalid array length -1 error");
|
||||||
}
|
}
|
||||||
|
|
||||||
} // namespace internal
|
} // namespace internal
|
||||||
|