[d8 worker] Fix regression when serializing very large arraybuffer
BUG=chromium:514081 R=jarin@chromium.org LOG=n Review URL: https://codereview.chromium.org/1264723002 Cr-Commit-Position: refs/heads/master@{#29982}
parent
ed3e5d1f3a
commit
df1f72bbf1
@ -2077,16 +2077,15 @@ bool Shell::SerializeValue(Isolate* isolate, Local<Value> value,
|
||||
} else {
|
||||
ArrayBuffer::Contents contents = array_buffer->GetContents();
|
||||
// Clone ArrayBuffer
|
||||
if (contents.ByteLength() > i::kMaxUInt32) {
|
||||
if (contents.ByteLength() > i::kMaxInt) {
|
||||
Throw(isolate, "ArrayBuffer is too big to clone");
|
||||
return false;
|
||||
}
|
||||
|
||||
int byte_length = static_cast<int>(contents.ByteLength());
|
||||
int32_t byte_length = static_cast<int32_t>(contents.ByteLength());
|
||||
out_data->WriteTag(kSerializationTagArrayBuffer);
|
||||
out_data->Write(byte_length);
|
||||
out_data->WriteMemory(contents.Data(),
|
||||
static_cast<int>(contents.ByteLength()));
|
||||
out_data->WriteMemory(contents.Data(), byte_length);
|
||||
}
|
||||
} else if (value->IsSharedArrayBuffer()) {
|
||||
Local<SharedArrayBuffer> sab = Local<SharedArrayBuffer>::Cast(value);
|
||||
@ -2212,7 +2211,7 @@ MaybeLocal<Value> Shell::DeserializeValue(Isolate* isolate,
|
||||
break;
|
||||
}
|
||||
case kSerializationTagArrayBuffer: {
|
||||
int byte_length = data.Read<int>(offset);
|
||||
int32_t byte_length = data.Read<int32_t>(offset);
|
||||
Local<ArrayBuffer> array_buffer = ArrayBuffer::New(isolate, byte_length);
|
||||
ArrayBuffer::Contents contents = array_buffer->GetContents();
|
||||
DCHECK(static_cast<size_t>(byte_length) == contents.ByteLength());
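Review bot: In the `kSerializationTagArrayBuffer` case of `DeserializeValue`, `byte_length` is read as a signed `int32_t` and passed straight to `ArrayBuffer::New`, which takes a `size_t`, so a negative value in the stream would convert to a very large allocation request; the only guard is the `DCHECK`, which is compiled out of release builds. The writer now rejects anything above `i::kMaxInt`, so a well-formed stream should never carry a negative length, but the reader should enforce that invariant itself before allocating, e.g. `if (byte_length < 0) { Throw(isolate, "Invalid ArrayBuffer length"); return MaybeLocal<Value>(); }`. Separately, in `SerializeValue` the bound is `i::kMaxInt` while the value written is an `int32_t`; comparing against `std::numeric_limits<int32_t>::max()` would tie the check to the type that is actually serialized. Both function bodies continue outside the hunks shown, so any length validation further down is not visible here.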
|
||||
|
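--- a/test/mjsunit/regress/regress-crbug-514081.js
+++ b/test/mjsunit/regress/regress-crbug-514081.js
@@ -0,0 +1,15 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+if (this.Worker) {
+var __v_7 = new Worker('onmessage = function() {};');
+try {
+var ab = new ArrayBuffer(2147483648);
+// If creating the ArrayBuffer succeeded, then postMessage should fail.
+assertThrows(function() { __v_7.postMessage(ab); });
+} catch (e) {
+// Creating the ArrayBuffer failed.
+assertInstanceof(e, RangeError);
+}
+}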
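Review bot: The `assertThrows` call sits inside the same `try` whose `catch` assumes the exception came from the `ArrayBuffer` allocation, so if `postMessage` ever stops throwing, the assertion failure is caught and reported as "not a RangeError" rather than as the real regression. The test would still fail, but with a misleading message. Narrowing the `try` to the allocation alone keeps the two outcomes separate: `try { ab = new ArrayBuffer(2147483648); } catch (e) { assertInstanceof(e, RangeError); }` followed by `if (ab) assertThrows(function() { __v_7.postMessage(ab); });`. A comment noting that 2147483648 is one past the largest length the serializer accepts would also make the choice of constant clear.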