The callback IsolateData::ModuleResolveCallback, used by the fuzzer,
can return an empty MaybeLocal.
In this case v8::internal::SourceTextModule::PrepareInstantiate expects
it to have thrown an exception, and DCHECKs.
The fuzzer can hit this case because it doesn't load the entire module
graph before starting to tell V8 to instantiate modules. So if a module
fails to compile or load, another module trying to import it will hit
this DCHECK because we didn't bail out prior to module instantiation
like we should have.
This doesn't happen in Chromium because Blink loads the entire module
graph before trying to instantiate/link modules, ensuring that the
'real' ModuleRecord::ResolveModuleCallback never fails; indeed this is
mandated by the spec (see
https://html.spec.whatwg.org/#fetch-the-descendants-of-and-link-a-module-script).
To satisfy the fuzzer, this change makes
IsolateData::ModuleResolveCallback throw if it can't find the module.
Note, the bug's testcase doesn't involve import assertions. I don't
think this issue is new with my change
9d72d08a8c
but maybe that changed the crash stack or something in a way that
caused the issue to be reported.
Bug: chromium:1207078
Change-Id: I1fbc80faa099e040cdc489c965a5f2f5daafb38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890589
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74526}
13bf4f38c6