[runtime] Harden OptimizeFunctionOnNextCall

Ignore invalid input (as potentially produced by fuzzers) for all arguments
of OptimizeFunctionOnNextCall.

Bug: chromium:901645
Change-Id: Ic185812c228a92f8dbb48212c45685bd14892947
Reviewed-on: https://chromium-review.googlesource.com/c/1317567
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57234}
Camillo Bruni 2018-11-05 11:41:10 +01:00 committed by Commit Bot
parent f86ee274b7
commit 7621325d79


@ -240,8 +240,13 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) {
ConcurrencyMode concurrency_mode = ConcurrencyMode::kNotConcurrent;
if (args.length() == 2) {
CONVERT_ARG_HANDLE_CHECKED(String, type, 1);
if (type->IsOneByteEqualTo(STATIC_CHAR_VECTOR("concurrent")) &&
// Ignore invalid inputs produced by fuzzers.
CONVERT_ARG_HANDLE_CHECKED(Object, type, 1);
if (!type->IsString()) {
return ReadOnlyRoots(isolate).undefined_value();
}
if (Handle<String>::cast(type)->IsOneByteEqualTo(
STATIC_CHAR_VECTOR("concurrent")) &&
isolate->concurrent_recompilation_enabled()) {
concurrency_mode = ConcurrencyMode::kConcurrent;
}