v8/test/unittests/regress
Simon Zünd 75eab984f5 Throw OOM when allocating uninitialized FixedArrays with negative length
This CL fixes a negative capacity check up the call-chain to fix an
issue found by clusterfuzz. This is temporary since mid-term we want to
change the interface of allocation functions to take an unsigned C++
type, so implicit conversion errors like this one can't happen.

Fixed: chromium:1041240
Change-Id: Ib344e5738d2648fbf9a2951ca943ff566ddd5f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000134
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65746}
2020-01-14 10:02:26 +00:00
regress-crbug-938251-unittest.cc Move relevant files to src/execution 2019-05-22 08:36:33 +00:00
regress-crbug-1041240-unittest.cc Throw OOM when allocating uninitialized FixedArrays with negative length 2020-01-14 10:02:26 +00:00