From 8cdddcdb685b76ce2e03961238701f2ba9cb428b Mon Sep 17 00:00:00 2001
From: Ali Ijaz Sheikh <ofrobots@google.com>
Date: Mon, 20 Mar 2017 10:04:48 -0700
Subject: [PATCH] deps: cherry-pick ca0f9573 from V8 upstream
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Original commit message:
  Trigger OOM crash if no memory returned in v8::ArrayBuffer::New and v…
  …8::SharedArrayBuffer::New.

  This API does not allow reporting failure, but we should crash rather than have
  the caller get an ArrayBuffer that isn't properly set up.

  BUG=chromium:681843

  Review-Url: https://codereview.chromium.org/2641953002
  Cr-Commit-Position: refs/heads/master@{#42511}

PR-URL: https://github.com/nodejs/node/pull/11940
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
---
 deps/v8/include/v8-version.h |  2 +-
 deps/v8/src/api.cc           | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 21d2a6ae9e2655..6d5adfc63e4b5d 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 5
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 281
-#define V8_PATCH_LEVEL 98
+#define V8_PATCH_LEVEL 99
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc
index 5b4cc7d8241cf0..d0c8317d4bd957 100644
--- a/deps/v8/src/api.cc
+++ b/deps/v8/src/api.cc
@@ -6763,7 +6763,11 @@ Local<ArrayBuffer> v8::ArrayBuffer::New(Isolate* isolate, size_t byte_length) {
   ENTER_V8(i_isolate);
   i::Handle<i::JSArrayBuffer> obj =
       i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kNotShared);
-  i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length);
+  // TODO(jbroman): It may be useful in the future to provide a MaybeLocal
+  // version that throws an exception or otherwise does not crash.
+  if (!i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length)) {
+    i::FatalProcessOutOfMemory("v8::ArrayBuffer::New");
+  }
   return Utils::ToLocal(obj);
 }
 
@@ -6959,8 +6963,12 @@ Local<SharedArrayBuffer> v8::SharedArrayBuffer::New(Isolate* isolate,
   ENTER_V8(i_isolate);
   i::Handle<i::JSArrayBuffer> obj =
       i_isolate->factory()->NewJSArrayBuffer(i::SharedFlag::kShared);
-  i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length, true,
-                                        i::SharedFlag::kShared);
+  // TODO(jborman): It may be useful in the future to provide a MaybeLocal
+  // version that throws an exception or otherwise does not crash.
+  if (!i::JSArrayBuffer::SetupAllocatingData(obj, i_isolate, byte_length, true,
+                                             i::SharedFlag::kShared)) {
+    i::FatalProcessOutOfMemory("v8::SharedArrayBuffer::New");
+  }
   return Utils::ToLocalShared(obj);
 }