Reviewers: jarin,
Description:
Fix cluster-fuzz bug introduced in refs/heads/master@{#28796}.
Don't DCHECK when neutering that the buffer is not a SharedArrayBuffer;
instead, just return early.
BUG=498142
[email protected]
Please review this at https://codereview.chromium.org/1174753002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+4, -2 lines):
M src/runtime/runtime-typedarray.cc
Index: src/runtime/runtime-typedarray.cc
diff --git a/src/runtime/runtime-typedarray.cc
b/src/runtime/runtime-typedarray.cc
index
217d739a11edcf7dd7fe86d7eb7019170dc720a0..bbcdfccd20f08c3cf7bbe3c9bdd6f2f681a15749
100644
--- a/src/runtime/runtime-typedarray.cc
+++ b/src/runtime/runtime-typedarray.cc
@@ -143,8 +143,10 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferNeuter) {
CHECK(Smi::FromInt(0) == array_buffer->byte_length());
return isolate->heap()->undefined_value();
}
- // Shared array buffers should never be neutered.
- DCHECK(!array_buffer->is_shared());
+ if (array_buffer->is_shared()) {
+ // Shared array buffers should never be neutered.
+ return isolate->heap()->undefined_value();
+ }
DCHECK(!array_buffer->is_external());
void* backing_store = array_buffer->backing_store();
size_t byte_length = NumberToSize(isolate, array_buffer->byte_length());
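Review bot: the comment kept inside the new `if (array_buffer->is_shared())` branch still reads "Shared array buffers should never be neutered", which no longer matches the code, since the branch exists because the runtime function can be called with a shared buffer. Reword it to say what the branch does, for example that a neuter request on a shared buffer is ignored and the buffer is left untouched. The `DCHECK(!array_buffer->is_external());` on the next line has the same shape as the assertion being replaced: it is a debug-only check on an argument of the same runtime function, so if a fuzzer can pass an external buffer here it will trip in debug builds and fall through to the neutering code in release builds. Either handle that case with an early return as well or note why it cannot be reached. The affected-files list shows only runtime-typedarray.cc, so a regression test that calls the neuter runtime function on a SharedArrayBuffer and checks that its byte length is unchanged would keep this from regressing.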