ValueDeserializer: Only allow valid keys when deserializing object properties.

ValueDeserializer: Only allow valid keys when deserializing object properties.

The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).

This case is now rejected by the deserializer.

BUG=chromium:686511
Review-Url: https://codereview.chromium.org/2697023002
Cr-Commit-Position: refs/heads/master@{#43249}
Committed: https://chromium.googlesource.com/v8/v8/+/8990399dc7c2f36ba4f566a415a0823d229dff21

[jbroman, 2017-02-15 16:56:18]

The CQ bit was checked by jbroman@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-15 16:56:24]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-15 17:20:48]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-15 17:20:49]

Dry run: This issue passed the CQ dry run.

[jbroman, 2017-02-15 18:03:41]

The CQ bit was checked by jbroman@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-15 18:03:43]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-15 18:26:33]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-15 18:26:34]

Dry run: This issue passed the CQ dry run.

[jbroman, 2017-02-15 18:31:41]

jbroman@chromium.org changed reviewers:
+ jkummerow@chromium.org

[Jakob Kummerow, 2017-02-16 09:41:11]

lgtm

[jbroman, 2017-02-16 13:58:14]

The CQ bit was checked by jbroman@chromium.org

[commit-bot: I haz the power, 2017-02-16 13:58:23]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-16 13:59:57]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1487253494188650,
"parent_rev": "67544daa5d339ba071c4f46c3a1a7358c3a2ad19", "commit_rev":
"8990399dc7c2f36ba4f566a415a0823d229dff21"}

[commit-bot: I haz the power, 2017-02-16 14:00:03]

Description was changed from

==========
ValueDeserializer: Only allow valid keys when deserializing object properties.

The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).

This case is now rejected by the deserializer.

BUG=chromium:686511
==========

to

==========
ValueDeserializer: Only allow valid keys when deserializing object properties.

The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).

This case is now rejected by the deserializer.

BUG=chromium:686511

Review-Url: https://codereview.chromium.org/2697023002
Cr-Commit-Position: refs/heads/master@{#43249}
Committed:
https://chromium.googlesource.com/v8/v8/+/8990399dc7c2f36ba4f566a415a0823d229...
==========

[commit-bot: I haz the power, 2017-02-16 14:00:04]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/v8/v8/+/8990399dc7c2f36ba4f566a415a0823d229...