diff options
| author | Rubin Xu <rubinxu@google.com> | 2020-06-02 05:34:14 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-02 05:34:14 +0000 |
| commit | e2247cfb11b05cfe5d9e5a69499dd3182f26e219 (patch) | |
| tree | 25388490ca2517f7c4cd55d06f0e8d652ce90adc | |
| parent | 782b7b551569c0375935b00ce986fb42b2d4500f (diff) | |
| parent | 7646b279cfc785893bf436ad35c964446e6d519d (diff) | |
| download | v8-android11-qpr1-c-release.tar.gz | |
Fix integer overflow in NewFixedDoubleArray am: 0809cf96aa am: 0100d69c5c am: 97572ddffc am: 7646b279cfandroid-11.0.0_r31android-11.0.0_r30android-11.0.0_r29android-11.0.0_r28android-11.0.0_r27android-11.0.0_r26android-11.0.0_r24android-11.0.0_r23android-11.0.0_r22android-11.0.0_r21android-11.0.0_r20android-11.0.0_r19android-11.0.0_r18android11-qpr1-s2-releaseandroid11-qpr1-s1-releaseandroid11-qpr1-releaseandroid11-qpr1-d-s1-releaseandroid11-qpr1-d-releaseandroid11-qpr1-c-release
Original change: undetermined
Change-Id: Iebbfd30e1baf531d4f118165dc136358dd0e531d
| -rw-r--r-- | src/heap/factory.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/heap/factory.cc b/src/heap/factory.cc index c8528f9f..2ac0d990 100644 --- a/src/heap/factory.cc +++ b/src/heap/factory.cc @@ -469,7 +469,7 @@ Handle<FixedArrayBase> Factory::NewFixedDoubleArray(int length, PretenureFlag pretenure) { DCHECK_LE(0, length); if (length == 0) return empty_fixed_array(); - if (length > FixedDoubleArray::kMaxLength) { + if (length < 0 || length > FixedDoubleArray::kMaxLength) { isolate()->heap()->FatalProcessOutOfMemory("invalid array length"); } int size = FixedDoubleArray::SizeFor(length); |