Ensure ArrayBuffers are not neutered twice

Bug: chromium:813876 Change-Id: I71c571e4185eff3a7386141a408dcb820a70ff95 Reviewed-on: https://chromium-review.googlesource.com/933594 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51890}
2018-03-12 14:20:56 -07:00 · 2018-03-12 14:20:56 -07:00 · e4402ed0bc
commit e4402ed0bc
parent 575f7423c1
2 changed files with 1 additions and 4 deletions
--- a/src/objects.cc
+++ b/src/objects.cc
@ -19050,6 +19050,7 @@ Handle<String> JSMessageObject::GetSourceLine() const {

 void JSArrayBuffer::Neuter() {
  CHECK(is_neuterable());
+  CHECK(!was_neutered());
  CHECK(is_external());
  set_backing_store(nullptr);
  set_byte_length(Smi::kZero);
--- a/test/unittests/value-serializer-unittest.cc
+++ b/test/unittests/value-serializer-unittest.cc
@ -81,7 +81,6 @@ class ValueSerializerTest : public TestWithIsolate {
  // Overridden in more specific fixtures.
  virtual ValueSerializer::Delegate* GetSerializerDelegate() { return nullptr; }
  virtual void BeforeEncode(ValueSerializer*) {}
-  virtual void AfterEncode() {}
  virtual ValueDeserializer::Delegate* GetDeserializerDelegate() {
    return nullptr;
  }
@ -118,7 +117,6 @@ class ValueSerializerTest : public TestWithIsolate {
    if (!serializer.WriteValue(context, value).FromMaybe(false)) {
      return Nothing<std::vector<uint8_t>>();
    }
-    AfterEncode();
    std::pair<uint8_t*, size_t> buffer = serializer.Release();
    std::vector<uint8_t> result(buffer.first, buffer.first + buffer.second);
    free(buffer.first);
@ -1652,8 +1650,6 @@ class ValueSerializerTestWithArrayBufferTransfer : public ValueSerializerTest {
    serializer->TransferArrayBuffer(0, input_buffer_);
  }

-  void AfterEncode() override { input_buffer_->Neuter(); }
-
  void BeforeDecode(ValueDeserializer* deserializer) override {
    deserializer->TransferArrayBuffer(0, output_buffer_);
  }