v8/test
jbroman 0004733c08 ValueSerializer: Add more checks before trying to allocate memory for a dense array.
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).

Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
2016-10-07 17:53:23 +00:00
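The two checks described in the commit message, as an added illustration rather than V8's own ValueSerializer code: a length-prefixed dense array is read from an untrusted buffer, and the length is rejected before it sizes any allocation, first if it exceeds the 32-bit Smi bound (2^30 - 1, taken from the message above) and second if more elements are declared than there are bytes left in the buffer. The varint wire format, the one-byte-minimum-per-element assumption and all names (ByteReader, ReadDenseArray, MakeArrayMessage, kMaxSmi32) are this example's own simplifications.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Largest Smi on 32-bit V8 builds, 2^30 - 1, as stated in the commit message.
constexpr uint32_t kMaxSmi32 = (1u << 30) - 1;

enum class ParseResult { kOk, kTruncatedVarint, kLengthTooLarge, kNotEnoughData };

struct DenseArray {
  ParseResult status;
  std::vector<uint32_t> elements;
};

// Minimal cursor over an untrusted byte buffer (example code, not V8's).
struct ByteReader {
  const uint8_t* pos;
  const uint8_t* end;

  size_t Remaining() const { return static_cast<size_t>(end - pos); }

  // LEB128 varint, at most 5 bytes for a 32-bit value. Returns nullopt if the
  // buffer ends mid-varint or the encoding runs past 5 bytes.
  std::optional<uint32_t> ReadVarint() {
    uint32_t value = 0;
    for (int shift = 0; shift < 35 && pos < end; shift += 7) {
      uint8_t byte = *pos++;
      value |= static_cast<uint32_t>(byte & 0x7f) << shift;
      if ((byte & 0x80) == 0) return value;
    }
    return std::nullopt;
  }
};

// Reads "<length varint><length x element varint>". The length is validated
// before it is used to size anything.
DenseArray ReadDenseArray(ByteReader& reader) {
  std::optional<uint32_t> length = reader.ReadVarint();
  if (!length) return {ParseResult::kTruncatedVarint, {}};

  // Check 1: the length must fit a Smi. This also rules out every value that
  // would turn negative when converted to a 32-bit int (>= 2^31).
  if (*length > kMaxSmi32) return {ParseResult::kLengthTooLarge, {}};

  // Check 2: fail fast. Each element costs at least one byte on the wire in
  // this toy format (assumption), so a length larger than the bytes remaining
  // can never be correct. Done before reserve() so a hostile length cannot
  // drive a huge allocation.
  if (*length > reader.Remaining()) return {ParseResult::kNotEnoughData, {}};

  DenseArray result{ParseResult::kOk, {}};
  result.elements.reserve(*length);
  for (uint32_t i = 0; i < *length; ++i) {
    std::optional<uint32_t> element = reader.ReadVarint();
    if (!element) return {ParseResult::kTruncatedVarint, {}};
    result.elements.push_back(*element);
  }
  return result;
}

DenseArray ParseDenseArray(const std::vector<uint8_t>& buffer) {
  ByteReader reader{buffer.data(), buffer.data() + buffer.size()};
  return ReadDenseArray(reader);
}

// Input builder for constructed test messages. The declared length is written
// as given, whether or not it matches the element count, so that malformed
// inputs of the kind a fuzzer produces can be built deliberately.
void EncodeVarint(uint32_t value, std::vector<uint8_t>& out) {
  do {
    uint8_t byte = value & 0x7f;
    value >>= 7;
    if (value != 0) byte |= 0x80;
    out.push_back(byte);
  } while (value != 0);
}

std::vector<uint8_t> MakeArrayMessage(uint32_t declared_length,
                                      const std::vector<uint32_t>& elements) {
  std::vector<uint8_t> out;
  EncodeVarint(declared_length, out);
  for (uint32_t e : elements) EncodeVarint(e, out);
  return out;
}

int main() {
  // Constructed inputs: one well-formed array and three hostile lengths.
  const DenseArray ok = ParseDenseArray(MakeArrayMessage(3, {10, 20, 300}));
  std::printf("well-formed:   status=%d elements=%zu\n",
              static_cast<int>(ok.status), ok.elements.size());
  const DenseArray neg = ParseDenseArray(MakeArrayMessage(0xFFFFFFFFu, {}));
  std::printf("length -1:     status=%d\n", static_cast<int>(neg.status));
  const DenseArray smi = ParseDenseArray(MakeArrayMessage(kMaxSmi32 + 1, {1}));
  std::printf("length 2^30:   status=%d\n", static_cast<int>(smi.status));
  const DenseArray big = ParseDenseArray(MakeArrayMessage(1000, {1, 2}));
  std::printf("length 1000:   status=%d\n", static_cast<int>(big.status));
  return 0;
}
```

Order matters: the Smi check runs first so that a 32-bit build never compares a length that has already wrapped, and the remaining-bytes check runs before reserve() so that an attacker-chosen length costs at most a comparison, not an allocation.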
benchmarks [gn] Move build to gypfiles 2016-04-29 10:11:11 +00:00
cctest Add Smi::Zero and replace all Smi::FromInt(0) calls 2016-10-07 13:05:26 +00:00
common [wasm] Move test-signatures.h from test/cctest to test/common 2016-10-05 12:00:03 +00:00
fuzzer [parser] Remove obsolete ParseInfo::is_global flag. 2016-10-07 08:30:01 +00:00
inspector [inspector] filter useless in preview internal properties 2016-10-07 01:16:28 +00:00
inspector_protocol_parser_test [inspector] Remove inspector_protocol_parser_test target. 2016-08-11 16:45:14 +00:00
intl [wasm] asm.js: Add asm_wasm variant to test asm.js->wasm pipeline. 2016-09-19 23:57:13 +00:00
js-perf-test [test] Add missing js-test resource. 2016-10-07 12:28:03 +00:00
memory [snapshot] support multiple contexts in the same snapshot. 2016-06-15 15:39:06 +00:00
message [es8] Remove syntactic tail calls support. 2016-09-28 08:25:45 +00:00
mjsunit [test] Skip more flaky wasm tests for gc stress 2016-10-07 16:36:57 +00:00
mozilla [turbofan] Don't take into account source size for inlining heuristics. 2016-09-23 16:23:34 +00:00
preparser [gn] Move build to gypfiles 2016-04-29 10:11:11 +00:00
promises-aplus
simdjs [test] Deprecate test data download for most test suites 2016-08-08 12:39:48 +00:00
test262 [test] Fix exception parsing in test262. 2016-10-07 10:21:06 +00:00
unittests ValueSerializer: Add more checks before trying to allocate memory for a dense array. 2016-10-07 17:53:23 +00:00
webkit [wasm] asm.js: Add asm_wasm variant to test asm.js->wasm pipeline. 2016-09-19 23:57:13 +00:00
bot_default.gyp [inspector] Remove inspector_protocol_parser_test target. 2016-08-11 16:45:14 +00:00
bot_default.isolate [inspector] Remove inspector_protocol_parser_test target. 2016-08-11 16:45:14 +00:00
BUILD.gn [inspector] added inspector test runner [part 1] 2016-09-30 15:52:46 +00:00
default.gyp [inspector] Remove inspector_protocol_parser_test target. 2016-08-11 16:45:14 +00:00
default.isolate [inspector] Remove inspector_protocol_parser_test target. 2016-08-11 16:45:14 +00:00
optimize_for_size.gyp [gn] Move build to gypfiles 2016-04-29 10:11:11 +00:00
optimize_for_size.isolate
perf.gyp [gn] Move build to gypfiles 2016-04-29 10:11:11 +00:00
perf.isolate