AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[d8] Fix potential overflow issue in ArrayBuffer allocator.

Browse Source 
Bug: chromium:793196
Change-Id: I289653be3968b221bfe4c0f03e8430b2ca76c55c
Reviewed-on: https://chromium-review.googlesource.com/827645
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50135}
This commit is contained in:
Bill Budge 2017-12-14 12:24:12 -08:00 committed by Commit Bot
parent bcf1172992
commit 8b4966e906
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/d8.cc
View File

@ -146,9 +146,10 @@ class ShellArrayBufferAllocator : public ArrayBufferAllocatorBase {
// TODO(titzer): allocations should fail if >= 2gb because array buffers
// store their lengths as a SMI internally.
if (length >= kTwoGB) return nullptr;
size_t page_size = base::OS::AllocatePageSize();
size_t allocated = RoundUp(length, page_size);
// Rounding up could go over the limit.
if (allocated >= kTwoGB) return nullptr;
void* address = base::OS::Allocate(nullptr, allocated, page_size,
base::OS::MemoryPermission::kReadWrite);
#if defined(LEAK_SANITIZER)