3656b4656e
This CL fixes a bug found by Clusterfuzz, in which the functions LoadDataViewByteOffset and -ByteLength incorrectly had a return type of TNode<Smi> instead of TNode<Number>. This caused a CAST() call to fail when the requested byte offset or byte length did not fit inside a Smi, i.e. when the underlying ArrayBuffer of the DataView had a length longer than 2^30 on 32-bit platforms. The CL also includes a new test in mjsunit to test against this. Bug: chromium:869313 Change-Id: Ibb7d29bda5782a12c4b506c070bb03fef8c3ec70 Reviewed-on: https://chromium-review.googlesource.com/1158582 Commit-Queue: Théotime Grohens <theotime@google.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#54900} |
||
---|---|---|
.. | ||
benchmarks | ||
cctest | ||
common | ||
debugger | ||
fuzzer | ||
inspector | ||
intl | ||
js-perf-test | ||
memory | ||
message | ||
mjsunit | ||
mkgrokdump | ||
mozilla | ||
preparser | ||
test262 | ||
torque | ||
unittests | ||
wasm-spec-tests | ||
webkit | ||
BUILD.gn |