Handle errors in v8::ValueDeserializer by throwing exceptions.

src/value-serializer.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/value-serializer.h"
 
 #include <type_traits>
 
 #include "src/base/logging.h"
 #include "src/conversions.h"
@@ skipping 664 matching lines @@
   Handle<Object> transfer_map_handle;
   if (array_buffer_transfer_map_.ToHandle(&transfer_map_handle)) {
     GlobalHandles::Destroy(transfer_map_handle.location());
   }
 }
 
 Maybe<bool> ValueDeserializer::ReadHeader() {
   if (position_ < end_ &&
       *position_ == static_cast<uint8_t>(SerializationTag::kVersion)) {
     ReadTag().ToChecked();
-    if (!ReadVarint<uint32_t>().To(&version_)) return Nothing<bool>();
-    if (version_ > kLatestVersion) return Nothing<bool>();
+    if (!ReadVarint<uint32_t>().To(&version_) || version_ > kLatestVersion) {
+      isolate_->Throw(*isolate_->factory()->NewError(
+          MessageTemplate::kDataCloneDeserializationVersionError));
+      return Nothing<bool>();
+    }
   }
   return Just(true);
 }
 
 Maybe<SerializationTag> ValueDeserializer::PeekTag() const {
   const uint8_t* peek_position = position_;
   SerializationTag tag;
   do {
     if (peek_position >= end_) return Nothing<SerializationTag>();
     tag = static_cast<SerializationTag>(*peek_position);
@@ skipping 100 matching lines @@
   // ArrayBufferView is special in that it consumes the value before it, even
   // after format version 0.
   Handle<Object> object;
   SerializationTag tag;
   if (result.ToHandle(&object) && V8_UNLIKELY(object->IsJSArrayBuffer()) &&
       PeekTag().To(&tag) && tag == SerializationTag::kArrayBufferView) {
     ConsumeTag(SerializationTag::kArrayBufferView);
     result = ReadJSArrayBufferView(Handle<JSArrayBuffer>::cast(object));
   }
 
+  if (result.is_null() && !isolate_->has_pending_exception()) {
+    isolate_->Throw(*isolate_->factory()->NewError(
+        MessageTemplate::kDataCloneDeserializationError));
+  }
+
   return result;
 }
 
 MaybeHandle<Object> ValueDeserializer::ReadObjectInternal() {
   SerializationTag tag;
   if (!ReadTag().To(&tag)) return MaybeHandle<Object>();
   switch (tag) {
     case SerializationTag::kVerifyObjectCount:
       // Read the count and ignore it.
       if (ReadVarint<uint32_t>().IsNothing()) return MaybeHandle<Object>();
@@ skipping 475 matching lines @@
         JSObject::DefineOwnPropertyIgnoreAttributes(&it, value, NONE)
             .is_null()) {
       return Nothing<bool>();
     }
   }
   return Just(true);
 }
 
 MaybeHandle<Object>
 ValueDeserializer::ReadObjectUsingEntireBufferForLegacyFormat() {
-  if (version_ > 0) return MaybeHandle<Object>();
-
+  DCHECK_EQ(version_, 0);
   HandleScope scope(isolate_);
   std::vector<Handle<Object>> stack;
   while (position_ < end_) {
     SerializationTag tag;
     if (!PeekTag().To(&tag)) break;
 
     Handle<Object> new_object;
     switch (tag) {
       case SerializationTag::kEndJSObject: {
         ConsumeTag(SerializationTag::kEndJSObject);
@@ skipping 41 matching lines @@
             !SetPropertiesFromKeyValuePairs(
                  isolate_, js_array, &stack[begin_properties], num_properties)
                  .FromMaybe(false)) {
           return MaybeHandle<Object>();
         }
 
         stack.resize(begin_properties);
         new_object = js_array;
         break;
       }
-      case SerializationTag::kEndDenseJSArray:
+      case SerializationTag::kEndDenseJSArray: {
         // This was already broken in Chromium, and apparently wasn't missed.
+        isolate_->Throw(*isolate_->factory()->NewError(
+            MessageTemplate::kDataCloneDeserializationError));
         return MaybeHandle<Object>();
+      }
       default:
         if (!ReadObject().ToHandle(&new_object)) return MaybeHandle<Object>();
         break;
     }
     stack.push_back(new_object);
   }
 
 // Nothing remains but padding.
 #ifdef DEBUG
   while (position_ < end_) {
     DCHECK(*position_++ == static_cast<uint8_t>(SerializationTag::kPadding));
   }
 #endif
   position_ = end_;
 
-  if (stack.size() != 1) return MaybeHandle<Object>();
+  if (stack.size() != 1) {
+    isolate_->Throw(*isolate_->factory()->NewError(
+        MessageTemplate::kDataCloneDeserializationError));
+    return MaybeHandle<Object>();
+  }
   return scope.CloseAndEscape(stack[0]);
 }
 
 }  // namespace internal
 }  // namespace v8