Skip to content

Commit

Permalink
deps: V8: backport dfcf1e86fac0
Browse files Browse the repository at this point in the history
Original commit message:

    [wasm] PostMessage of Memory.buffer should throw

    PostMessage of an ArrayBuffer that is not detachable should result
    in a DataCloneError.

    Bug: chromium:1170176, chromium:961059
    Change-Id: Ib89bbc10d2b58918067fd1a90365cad10a0db9ec
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653810
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Reviewed-by: Andreas Haas <ahaas@chromium.org>
    Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#72415}

Refs: v8/v8@dfcf1e8

PR-URL: #37245
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
targos authored and ruyadorno committed Feb 8, 2021
1 parent 427968d commit 680496e
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 2 deletions.
2 changes: 1 addition & 1 deletion common.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.45',
'v8_embedder_string': '-node.46',

##### V8 defaults for Node.js #####

Expand Down
4 changes: 3 additions & 1 deletion deps/v8/src/common/message-template.h
Original file line number Diff line number Diff line change
Expand Up @@ -554,7 +554,9 @@ namespace internal {
T(DataCloneError, "% could not be cloned.") \
T(DataCloneErrorOutOfMemory, "Data cannot be cloned, out of memory.") \
T(DataCloneErrorDetachedArrayBuffer, \
"An ArrayBuffer is neutered and could not be cloned.") \
"An ArrayBuffer is detached and could not be cloned.") \
T(DataCloneErrorNonDetachableArrayBuffer, \
"ArrayBuffer is not detachable and could not be cloned.") \
T(DataCloneErrorSharedArrayBufferTransferred, \
"A SharedArrayBuffer could not be cloned. SharedArrayBuffer must not be " \
"transferred.") \
Expand Down
5 changes: 5 additions & 0 deletions deps/v8/src/objects/value-serializer.cc
Original file line number Diff line number Diff line change
Expand Up @@ -877,6 +877,11 @@ Maybe<bool> ValueSerializer::WriteJSArrayBuffer(
WriteVarint(index.FromJust());
return ThrowIfOutOfMemory();
}
if (!array_buffer->is_detachable()) {
ThrowDataCloneError(
MessageTemplate::kDataCloneErrorNonDetachableArrayBuffer);
return Nothing<bool>();
}

uint32_t* transfer_entry = array_buffer_transfer_map_.Find(array_buffer);
if (transfer_entry) {
Expand Down
7 changes: 7 additions & 0 deletions deps/v8/test/mjsunit/wasm/worker-memory.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,13 @@
assertThrows(() => worker.postMessage(memory), Error);
})();

(function TestPostMessageUnsharedMemoryBuffer() {
let worker = new Worker('', {type: 'string'});
let memory = new WebAssembly.Memory({initial: 1, maximum: 2});

assertThrows(() => worker.postMessage(memory.buffer), Error);
})();

// Can't use assert in a worker.
let workerHelpers =
`function assertTrue(value, msg) {
Expand Down

0 comments on commit 680496e

Please sign in to comment.