[test] Check a value type in a test function

Even though IsWasmCompileAllowed function in runtime/runtime-test.cc can be invoked only when native calls are allowed, so this is not an actual bug, fuzzing or random testing can call this function and make a false positive. Thus, add a checking if the given argument is actually an array buffer. Bug: v8:5981 Change-Id: I3918c4d68b67a507c93865effa490d7259d63cb1 Reviewed-on: https://chromium-review.googlesource.com/732383 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50116}
2017-10-21 18:06:43 +09:00 · 2017-10-21 18:06:43 +09:00 · 8d835e6d3f
commit 8d835e6d3f
parent 3ca114725f
1 changed files with 3 additions and 2 deletions
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@ -43,8 +43,9 @@ bool IsWasmCompileAllowed(v8::Isolate* isolate, v8::Local<v8::Value> value,
  DCHECK_GT(g_PerIsolateWasmControls.Get().count(isolate), 0);
  const WasmCompileControls& ctrls = g_PerIsolateWasmControls.Get().at(isolate);
  return (is_async && ctrls.AllowAnySizeForAsync) ||
-         (v8::Local<v8::ArrayBuffer>::Cast(value)->ByteLength() <=
-          ctrls.MaxWasmBufferSize);
+         (value->IsArrayBuffer() &&
+          v8::Local<v8::ArrayBuffer>::Cast(value)->ByteLength() <=
+              ctrls.MaxWasmBufferSize);
 }

 // Use the compile controls for instantiation, too