| OLD | NEW |
|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/value-serializer.h" | 5 #include "src/value-serializer.h" |
| 6 | 6 |
| 7 #include <type_traits> | 7 #include <type_traits> |
| 8 | 8 |
| 9 #include "src/base/logging.h" | 9 #include "src/base/logging.h" |
| 10 #include "src/conversions.h" | 10 #include "src/conversions.h" |
| (...skipping 1628 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1639 Handle<Object> new_object; | 1639 Handle<Object> new_object; |
| 1640 switch (tag) { | 1640 switch (tag) { |
| 1641 case SerializationTag::kEndJSObject: { | 1641 case SerializationTag::kEndJSObject: { |
| 1642 ConsumeTag(SerializationTag::kEndJSObject); | 1642 ConsumeTag(SerializationTag::kEndJSObject); |
| 1643 | 1643 |
| 1644 // JS Object: Read the last 2*n values from the stack and use them as | 1644 // JS Object: Read the last 2*n values from the stack and use them as |
| 1645 // key-value pairs. | 1645 // key-value pairs. |
| 1646 uint32_t num_properties; | 1646 uint32_t num_properties; |
| 1647 if (!ReadVarint<uint32_t>().To(&num_properties) || | 1647 if (!ReadVarint<uint32_t>().To(&num_properties) || |
| 1648 stack.size() / 2 < num_properties) { | 1648 stack.size() / 2 < num_properties) { |
| 1649 isolate_->Throw(*isolate_->factory()->NewError( |
| 1650 MessageTemplate::kDataCloneDeserializationError)); |
| 1649 return MaybeHandle<Object>(); | 1651 return MaybeHandle<Object>(); |
| 1650 } | 1652 } |
| 1651 | 1653 |
| 1652 size_t begin_properties = | 1654 size_t begin_properties = |
| 1653 stack.size() - 2 * static_cast<size_t>(num_properties); | 1655 stack.size() - 2 * static_cast<size_t>(num_properties); |
| 1654 Handle<JSObject> js_object = isolate_->factory()->NewJSObject( | 1656 Handle<JSObject> js_object = isolate_->factory()->NewJSObject( |
| 1655 isolate_->object_function(), pretenure_); | 1657 isolate_->object_function(), pretenure_); |
| 1656 if (num_properties && | 1658 if (num_properties && |
| 1657 !SetPropertiesFromKeyValuePairs( | 1659 !SetPropertiesFromKeyValuePairs( |
| 1658 isolate_, js_object, &stack[begin_properties], num_properties) | 1660 isolate_, js_object, &stack[begin_properties], num_properties) |
| 1659 .FromMaybe(false)) { | 1661 .FromMaybe(false)) { |
| 1662 isolate_->Throw(*isolate_->factory()->NewError( |
| 1663 MessageTemplate::kDataCloneDeserializationError)); |
| 1660 return MaybeHandle<Object>(); | 1664 return MaybeHandle<Object>(); |
| 1661 } | 1665 } |
| 1662 | 1666 |
| 1663 stack.resize(begin_properties); | 1667 stack.resize(begin_properties); |
| 1664 new_object = js_object; | 1668 new_object = js_object; |
| 1665 break; | 1669 break; |
| 1666 } | 1670 } |
| 1667 case SerializationTag::kEndSparseJSArray: { | 1671 case SerializationTag::kEndSparseJSArray: { |
| 1668 ConsumeTag(SerializationTag::kEndSparseJSArray); | 1672 ConsumeTag(SerializationTag::kEndSparseJSArray); |
| 1669 | 1673 |
| 1670 // Sparse JS Array: Read the last 2*|num_properties| from the stack. | 1674 // Sparse JS Array: Read the last 2*|num_properties| from the stack. |
| 1671 uint32_t num_properties; | 1675 uint32_t num_properties; |
| 1672 uint32_t length; | 1676 uint32_t length; |
| 1673 if (!ReadVarint<uint32_t>().To(&num_properties) || | 1677 if (!ReadVarint<uint32_t>().To(&num_properties) || |
| 1674 !ReadVarint<uint32_t>().To(&length) || | 1678 !ReadVarint<uint32_t>().To(&length) || |
| 1675 stack.size() / 2 < num_properties) { | 1679 stack.size() / 2 < num_properties) { |
| 1680 isolate_->Throw(*isolate_->factory()->NewError( |
| 1681 MessageTemplate::kDataCloneDeserializationError)); |
| 1676 return MaybeHandle<Object>(); | 1682 return MaybeHandle<Object>(); |
| 1677 } | 1683 } |
| 1678 | 1684 |
| 1679 Handle<JSArray> js_array = isolate_->factory()->NewJSArray( | 1685 Handle<JSArray> js_array = isolate_->factory()->NewJSArray( |
| 1680 0, TERMINAL_FAST_ELEMENTS_KIND, pretenure_); | 1686 0, TERMINAL_FAST_ELEMENTS_KIND, pretenure_); |
| 1681 JSArray::SetLength(js_array, length); | 1687 JSArray::SetLength(js_array, length); |
| 1682 size_t begin_properties = | 1688 size_t begin_properties = |
| 1683 stack.size() - 2 * static_cast<size_t>(num_properties); | 1689 stack.size() - 2 * static_cast<size_t>(num_properties); |
| 1684 if (num_properties && | 1690 if (num_properties && |
| 1685 !SetPropertiesFromKeyValuePairs( | 1691 !SetPropertiesFromKeyValuePairs( |
| 1686 isolate_, js_array, &stack[begin_properties], num_properties) | 1692 isolate_, js_array, &stack[begin_properties], num_properties) |
| 1687 .FromMaybe(false)) { | 1693 .FromMaybe(false)) { |
| 1694 isolate_->Throw(*isolate_->factory()->NewError( |
| 1695 MessageTemplate::kDataCloneDeserializationError)); |
| 1688 return MaybeHandle<Object>(); | 1696 return MaybeHandle<Object>(); |
| 1689 } | 1697 } |
| 1690 | 1698 |
| 1691 stack.resize(begin_properties); | 1699 stack.resize(begin_properties); |
| 1692 new_object = js_array; | 1700 new_object = js_array; |
| 1693 break; | 1701 break; |
| 1694 } | 1702 } |
| 1695 case SerializationTag::kEndDenseJSArray: { | 1703 case SerializationTag::kEndDenseJSArray: { |
| 1696 // This was already broken in Chromium, and apparently wasn't missed. | 1704 // This was already broken in Chromium, and apparently wasn't missed. |
| 1697 isolate_->Throw(*isolate_->factory()->NewError( | 1705 isolate_->Throw(*isolate_->factory()->NewError( |
| (...skipping 18 matching lines...) Expand all Loading... |
| 1716 if (stack.size() != 1) { | 1724 if (stack.size() != 1) { |
| 1717 isolate_->Throw(*isolate_->factory()->NewError( | 1725 isolate_->Throw(*isolate_->factory()->NewError( |
| 1718 MessageTemplate::kDataCloneDeserializationError)); | 1726 MessageTemplate::kDataCloneDeserializationError)); |
| 1719 return MaybeHandle<Object>(); | 1727 return MaybeHandle<Object>(); |
| 1720 } | 1728 } |
| 1721 return scope.CloseAndEscape(stack[0]); | 1729 return scope.CloseAndEscape(stack[0]); |
| 1722 } | 1730 } |
| 1723 | 1731 |
| 1724 } // namespace internal | 1732 } // namespace internal |
| 1725 } // namespace v8 | 1733 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2394983002:
Throw a deserialization error internally in ValueDeserializer (previously-missed cases). (Closed)
