6c07d6e3d8
Sorting a TypedArray with a custom compare function requires us to copy the array's contents to a FixedArray. When the TypedArray is larger than FixedArray::kMaxLength, we should throw a RangeError rather than crashing with an OOM message. Fixed: v8:10931 Change-Id: I8a27cc0ac80a9172bc5e8e154fdf4ccce5974317 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440575 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70232}
15 lines
496 B
JavaScript
15 lines
496 B
JavaScript
// Copyright 2020 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
const kLargerThanFixedArrayMaxLength = 200_000_000;
|
|
var x = new Int8Array(kLargerThanFixedArrayMaxLength);
|
|
try {
|
|
var y = x.sort((a, b) => b - a);
|
|
} catch (e) {
|
|
// Throwing is okay, crashing is not.
|
|
assertInstanceof(e, TypeError);
|
|
assertMatches(
|
|
/not supported for huge TypedArrays/, e.message, 'Error message');
|
|
}
|