Separate array length and capacity errors from OOMs.

Bug: chromium:1198188
Change-Id: I7f4a9e67a435fcb4b564599c5dd27c386bef143b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831480
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74015}
Hannes Payer 2021-04-16 19:34:48 +02:00 committed by Commit Bot
parent a1c66099ed
commit 7564f6584e
4 changed files with 19 additions and 11 deletions


@ -128,7 +128,8 @@ Handle<FixedArrayBase> FactoryBase<Impl>::NewFixedDoubleArray(
int length, AllocationType allocation) { int length, AllocationType allocation) {
if (length == 0) return impl()->empty_fixed_array(); if (length == 0) return impl()->empty_fixed_array();
if (length < 0 || length > FixedDoubleArray::kMaxLength) { if (length < 0 || length > FixedDoubleArray::kMaxLength) {
isolate()->FatalProcessOutOfHeapMemory("invalid array length"); FATAL("Fatal JavaScript invalid array length %d error", length);
UNREACHABLE();
} }
int size = FixedDoubleArray::SizeFor(length); int size = FixedDoubleArray::SizeFor(length);
Map map = read_only_roots().fixed_double_array_map(); Map map = read_only_roots().fixed_double_array_map();
@ -172,7 +173,8 @@ template <typename Impl>
Handle<ByteArray> FactoryBase<Impl>::NewByteArray(int length, Handle<ByteArray> FactoryBase<Impl>::NewByteArray(int length,
AllocationType allocation) { AllocationType allocation) {
if (length < 0 || length > ByteArray::kMaxLength) { if (length < 0 || length > ByteArray::kMaxLength) {
isolate()->FatalProcessOutOfHeapMemory("invalid array length"); FATAL("Fatal JavaScript invalid array length %d error", length);
UNREACHABLE();
} }
int size = ByteArray::SizeFor(length); int size = ByteArray::SizeFor(length);
HeapObject result = AllocateRawWithImmortalMap( HeapObject result = AllocateRawWithImmortalMap(
@ -189,7 +191,8 @@ Handle<BytecodeArray> FactoryBase<Impl>::NewBytecodeArray(
int length, const byte* raw_bytecodes, int frame_size, int parameter_count, int length, const byte* raw_bytecodes, int frame_size, int parameter_count,
Handle<FixedArray> constant_pool) { Handle<FixedArray> constant_pool) {
if (length < 0 || length > BytecodeArray::kMaxLength) { if (length < 0 || length > BytecodeArray::kMaxLength) {
isolate()->FatalProcessOutOfHeapMemory("invalid array length"); FATAL("Fatal JavaScript invalid array length %d error", length);
UNREACHABLE();
} }
// Bytecode array is AllocationType::kOld, so constant pool array should be // Bytecode array is AllocationType::kOld, so constant pool array should be
// too. // too.
@ -691,7 +694,8 @@ template <typename Impl>
Handle<FreshlyAllocatedBigInt> FactoryBase<Impl>::NewBigInt( Handle<FreshlyAllocatedBigInt> FactoryBase<Impl>::NewBigInt(
int length, AllocationType allocation) { int length, AllocationType allocation) {
if (length < 0 || length > BigInt::kMaxLength) { if (length < 0 || length > BigInt::kMaxLength) {
isolate()->FatalProcessOutOfHeapMemory("invalid BigInt length"); FATAL("Fatal JavaScript invalid BigInt length %d error", length);
UNREACHABLE();
} }
HeapObject result = AllocateRawWithImmortalMap( HeapObject result = AllocateRawWithImmortalMap(
BigInt::SizeFor(length), allocation, read_only_roots().bigint_map()); BigInt::SizeFor(length), allocation, read_only_roots().bigint_map());
@ -825,7 +829,8 @@ template <typename Impl>
HeapObject FactoryBase<Impl>::AllocateRawFixedArray(int length, HeapObject FactoryBase<Impl>::AllocateRawFixedArray(int length,
AllocationType allocation) { AllocationType allocation) {
if (length < 0 || length > FixedArray::kMaxLength) { if (length < 0 || length > FixedArray::kMaxLength) {
isolate()->FatalProcessOutOfHeapMemory("invalid array length"); FATAL("Fatal JavaScript invalid array length %d error", length);
UNREACHABLE();
} }
return AllocateRawArray(FixedArray::SizeFor(length), allocation); return AllocateRawArray(FixedArray::SizeFor(length), allocation);
} }
@ -834,7 +839,8 @@ template <typename Impl>
HeapObject FactoryBase<Impl>::AllocateRawWeakArrayList( HeapObject FactoryBase<Impl>::AllocateRawWeakArrayList(
int capacity, AllocationType allocation) { int capacity, AllocationType allocation) {
if (capacity < 0 || capacity > WeakArrayList::kMaxCapacity) { if (capacity < 0 || capacity > WeakArrayList::kMaxCapacity) {
isolate()->FatalProcessOutOfHeapMemory("invalid array length"); FATAL("Fatal JavaScript invalid WeakArray capacity %d error", capacity);
UNREACHABLE();
} }
return AllocateRawArray(WeakArrayList::SizeForCapacity(capacity), allocation); return AllocateRawArray(WeakArrayList::SizeForCapacity(capacity), allocation);
} }
@ -878,8 +884,9 @@ FactoryBase<Impl>::NewSwissNameDictionaryWithCapacity(
return read_only_roots().empty_swiss_property_dictionary_handle(); return read_only_roots().empty_swiss_property_dictionary_handle();
} }
if (capacity > SwissNameDictionary::MaxCapacity()) { if (capacity < 0 || capacity > SwissNameDictionary::MaxCapacity()) {
isolate()->FatalProcessOutOfHeapMemory("invalid table size"); FATAL("Fatal JavaScript invalid dictionary capacity %d error", capacity);
UNREACHABLE();
} }
int meta_table_length = SwissNameDictionary::MetaTableSizeFor(capacity); int meta_table_length = SwissNameDictionary::MetaTableSizeFor(capacity);
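Review bot: The bounds check and abort is now the same hand-copied pattern in all seven hunks of this file (NewFixedDoubleArray through NewSwissNameDictionaryWithCapacity) and again in the next file's NewUninitializedFixedArray, each with a typed-out message that the death tests in this commit match verbatim; a single `[[noreturn]]` helper would keep the wording, and with it the crash signature that tells these bugs apart from real OOMs, in one place. The `UNREACHABLE();` added after each `FATAL(...)` is dead code if `FATAL` expands to a `[[noreturn]]` call, as V8_Fatal is declared, so it can go once the helper carries that attribute. All the new messages already share the shape "Fatal JavaScript invalid <what> <value> error", so the helper below needs only the noun phrase per call site. The NewSwissNameDictionaryWithCapacity hunk starts after the function's signature, which is outside this view.
```cpp
namespace {
// Single exit for out-of-range length/capacity requests. The text doubles as
// the crash signature that separates these bugs from real OOMs, and the
// NewUninitializedFixedArray/NewFixedDoubleArray death tests match it
// verbatim, so change both together.
[[noreturn]] void FatalInvalidSize(const char* what, int value) {
  FATAL("Fatal JavaScript invalid %s %d error", what, value);
}
}  // namespace

// … unchanged: function bodies; each FATAL/UNREACHABLE pair becomes, e.g. in NewFixedDoubleArray …
  if (length < 0 || length > FixedDoubleArray::kMaxLength) {
    FatalInvalidSize("array length", length);
  }
```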


@ -413,7 +413,8 @@ MaybeHandle<FixedArray> Factory::TryNewFixedArray(
Handle<FixedArray> Factory::NewUninitializedFixedArray(int length) { Handle<FixedArray> Factory::NewUninitializedFixedArray(int length) {
if (length == 0) return empty_fixed_array(); if (length == 0) return empty_fixed_array();
if (length < 0 || length > FixedArray::kMaxLength) { if (length < 0 || length > FixedArray::kMaxLength) {
isolate()->heap()->FatalProcessOutOfMemory("invalid array length"); FATAL("Fatal JavaScript invalid array length %d error", length);
UNREACHABLE();
} }
// TODO(ulan): As an experiment this temporarily returns an initialized fixed // TODO(ulan): As an experiment this temporarily returns an initialized fixed


@ -13,7 +13,7 @@ using NewUninitializedFixedArrayTest = TestWithIsolateAndZone;
TEST_F(NewUninitializedFixedArrayTest, ThrowOnNegativeLength) { TEST_F(NewUninitializedFixedArrayTest, ThrowOnNegativeLength) {
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewUninitializedFixedArray(-1); }, ASSERT_DEATH_IF_SUPPORTED({ factory()->NewUninitializedFixedArray(-1); },
"Fatal javascript OOM in invalid array length"); "Fatal JavaScript invalid array length -1 error");
} }
} // namespace internal } // namespace internal
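Review bot: The updated death test still exercises only the negative-length arm; the `length > FixedArray::kMaxLength` arm of the same condition, which this commit also re-routes to FATAL, has no test here or in the NewFixedDoubleArray test that follows. Because the new message embeds the value, a second test can match it with a character class rather than a literal number. The same addition applies to the NewFixedDoubleArray test using `FixedDoubleArray::kMaxLength + 1`.
```cpp
TEST_F(NewUninitializedFixedArrayTest, ThrowOnTooLargeLength) {
  ASSERT_DEATH_IF_SUPPORTED(
      { factory()->NewUninitializedFixedArray(FixedArray::kMaxLength + 1); },
      "Fatal JavaScript invalid array length [0-9]+ error");
}
```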


@ -13,7 +13,7 @@ using NewFixedDoubleArrayTest = TestWithIsolateAndZone;
TEST_F(NewFixedDoubleArrayTest, ThrowOnNegativeLength) { TEST_F(NewFixedDoubleArrayTest, ThrowOnNegativeLength) {
ASSERT_DEATH_IF_SUPPORTED({ factory()->NewFixedDoubleArray(-1); }, ASSERT_DEATH_IF_SUPPORTED({ factory()->NewFixedDoubleArray(-1); },
"Fatal javascript OOM in invalid array length"); "Fatal JavaScript invalid array length -1 error");
} }
} // namespace internal } // namespace internal