deps: V8: cherry-pick e061cf9970d9
Original commit message:

    [arraybuffers] initialize max byte length of empty array buffers

    Without initializing the max byte length field, any empty array
    buffer captured in the snapshot can make the snapshot unreproducible.

    Refs: #53579

    Change-Id: I2489ab2e57ecbb405ec431a87d0acc92822b777c
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5662576
    Reviewed-by: Marja Hölttä <marja@chromium.org>
    Commit-Queue: Marja Hölttä <marja@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#94754}

Refs: v8/v8@e061cf9
PR-URL: #53755
Fixes: #53579
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
joyeecheung authored and aduh95 committed Jul 16, 2024
1 parent 128e514 commit 29a734c
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion common.gypi
Expand Up @@ -36,7 +36,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.15',
'v8_embedder_string': '-node.16',

##### V8 defaults for Node.js #####

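Review bot: the embedder-string bump from '-node.15' to '-node.16' is the correct bookkeeping for this cherry-pick and follows the rule stated in the two comment lines directly above it (reset to 0 on a major V8 upgrade, increment by one for each non-official patch applied to deps/v8); nothing to change in this hunk, as long as the corresponding deps/v8 change lands in the same commit, which it does here (builtins-typed-array-gen.cc).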
2 changes: 2 additions & 0 deletions deps/v8/src/builtins/builtins-typed-array-gen.cc
Expand Up @@ -68,6 +68,8 @@ TNode<JSArrayBuffer> TypedArrayBuiltinsAssembler::AllocateEmptyOnHeapBuffer(
UndefinedConstant());
StoreBoundedSizeToObject(buffer, JSArrayBuffer::kRawByteLengthOffset,
UintPtrConstant(0));
StoreBoundedSizeToObject(buffer, JSArrayBuffer::kRawMaxByteLengthOffset,
UintPtrConstant(0));
StoreSandboxedPointerToObject(buffer, JSArrayBuffer::kBackingStoreOffset,
EmptyBackingStoreBufferConstant());
#ifdef V8_COMPRESS_POINTERS
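Review bot: storing UintPtrConstant(0) at JSArrayBuffer::kRawMaxByteLengthOffset is the right value for the empty on-heap buffer allocated here, since a non-resizable buffer's maximum byte length equals its byte length, which the store immediately above already sets to 0; placing the new StoreBoundedSizeToObject call next to the byte-length store keeps the two size fields initialized together, and it removes the uninitialized field the commit message identifies as the source of non-reproducible snapshots. Since the problem was observed as differing snapshot bytes (Refs: #53579), a regression test that builds the snapshot twice and compares the output would guard this path against a future reintroduction.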