From f3b77a2ac96945b5c8b0082478df4afff71cc288 Mon Sep 17 00:00:00 2001
From: Maya Lekova <mslekova@chromium.org>
Date: Tue, 24 Nov 2020 11:04:16 +0000
Subject: [PATCH] Revert "[int] Fix security bug in Intl.ListFormat"

This reverts commit 1341dbd2096b230129464fe244c46301eaf8dfea.

Reason for revert: The new test is failing on arm64 simulator MSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/35559

Original change's description:
> [int] Fix security bug in Intl.ListFormat
>
> Also add test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1
>
> Real fix in https://chromium.googlesource.com/chromium/deps/icu/+/3bf08c6a50f77921ae79d4e715b580b959e494c7
>
> Bug: chromium:1150371
> Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71357}

TBR=jkummerow@chromium.org,machenbach@chromium.org,ftang@chromium.org,syg@chromium.org

Change-Id: I10862ad1fb308d1610b8f7a80cca43c010475397
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1150371
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557512
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71362}
---
 test/intl/regress-1150371.js | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 test/intl/regress-1150371.js

diff --git a/test/intl/regress-1150371.js b/test/intl/regress-1150371.js
deleted file mode 100644
index b1c9dae00d..0000000000
--- a/test/intl/regress-1150371.js
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2020 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Make sure it won't crash
-var s = "b".repeat(0xAAAFFFF);
-assertThrows(() => new Intl.ListFormat().format(Array(16).fill(s)).length,
-    TypeError);