[SharedArrayBuffer] Prevent SharedArrayBuffer being used in Web APIs

third_party/WebKit/Source/bindings/core/v8/V8Binding.h

 /*
 * Copyright (C) 2009 Google Inc. All rights reserved.
 * Copyright (C) 2012 Ericsson AB. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ skipping 29 matching lines @@
 #include "bindings/core/v8/ScriptState.h"
 #include "bindings/core/v8/ScriptValue.h"
 #include "bindings/core/v8/ScriptWrappable.h"
 #include "bindings/core/v8/V8BindingMacros.h"
 #include "bindings/core/v8/V8PerIsolateData.h"
 #include "bindings/core/v8/V8ScriptRunner.h"
 #include "bindings/core/v8/V8StringResource.h"
 #include "bindings/core/v8/V8ThrowException.h"
 #include "bindings/core/v8/V8ValueCache.h"
 #include "core/CoreExport.h"
+#include "core/dom/NotShared.h"
 #include "platform/heap/Handle.h"
 #include "platform/wtf/text/AtomicString.h"
 #include "platform/wtf/text/StringView.h"
 #include "v8/include/v8.h"
 
 namespace blink {
 
 class DOMWindow;
 class EventListener;
 class EventTarget;
@@ skipping 149 matching lines @@
   V8SetReturnValue(callback_info, ToV8(impl, callback_info.Holder(),
                                        callback_info.GetIsolate()));
 }
 
 template <typename CallbackInfo, typename T>
 inline void V8SetReturnValue(const CallbackInfo& callback_info,
                              PassRefPtr<T> impl) {
   V8SetReturnValue(callback_info, impl.Get());
 }
 
+template <typename CallbackInfo, typename T>
+inline void V8SetReturnValue(const CallbackInfo& callbackInfo,
+                             NotShared<T> notShared) {
+  V8SetReturnValue(callbackInfo, notShared.View());
+}
+
 template <typename CallbackInfo>
 inline void V8SetReturnValueForMainWorld(const CallbackInfo& callback_info,
                                          ScriptWrappable* impl) {
   ASSERT(DOMWrapperWorld::Current(callback_info.GetIsolate()).IsMainWorld());
   if (UNLIKELY(!impl)) {
     V8SetReturnValueNull(callback_info);
     return;
   }
   if (DOMDataStore::SetReturnValueForMainWorld(callback_info.GetReturnValue(),
                                                impl))
@@ skipping 98 matching lines @@
   V8SetReturnValueFast(callback_info, impl.Get(), wrappable);
 }
 
 template <typename CallbackInfo, typename T>
 inline void V8SetReturnValueFast(const CallbackInfo& callback_info,
                                  const v8::Local<T> handle,
                                  const ScriptWrappable*) {
   V8SetReturnValue(callback_info, handle);
 }
 
+template <typename CallbackInfo, typename T>
+inline void V8SetReturnValueFast(const CallbackInfo& callbackInfo,
+                                 NotShared<T> notShared,
+                                 const ScriptWrappable* wrappable) {
+  V8SetReturnValueFast(callbackInfo, notShared.View(), wrappable);
+}
+
 // Convert v8::String to a WTF::String. If the V8 string is not already
 // an external string then it is transformed into an external string at this
 // point to avoid repeated conversions.
 inline String ToCoreString(v8::Local<v8::String> value) {
   return V8StringToWebCoreString<String>(value, kExternalize);
 }
 
 inline String ToCoreStringWithNullCheck(v8::Local<v8::String> value) {
   if (value.IsEmpty() || value->IsNull())
     return String();
@@ skipping 809 matching lines @@
 
 // Freeze a V8 object. The type of the first parameter and the return value is
 // intentionally v8::Value so that this function can wrap ToV8().
 // If the argument isn't an object, this will crash.
 CORE_EXPORT v8::Local<v8::Value> FreezeV8Object(v8::Local<v8::Value>,
                                                 v8::Isolate*);
 
 CORE_EXPORT v8::Local<v8::Value> FromJSONString(v8::Isolate*,
                                                 const String& stringified_json,
                                                 ExceptionState&);
+
+// Ensure that a typed array value is not backed by a SharedArrayBuffer. If it
+// is, an exception will be thrown. The return value will use the NotShared
+// wrapper type.
+template <typename NotSharedType>
+NotSharedType ToNotShared(v8::Isolate* isolate,
+                          v8::Local<v8::Value> value,
+                          ExceptionState& exception_state) {
+  using DOMTypedArray = typename NotSharedType::TypedArrayType;
+  DOMTypedArray* dom_typed_array =
+      V8TypeOf<DOMTypedArray>::Type::toImplWithTypeCheck(isolate, value);
+  if (dom_typed_array && dom_typed_array->IsShared()) {
+    exception_state.ThrowTypeError(
+        "The provided ArrayBufferView value must not be shared.");
+    return NotSharedType();
+  }
+  return NotSharedType(dom_typed_array);
+}
+
 }  // namespace blink
 
 #endif  // V8Binding_h