Diffstat (limited to 'deps/v8/src/builtins/builtins-arraybuffer.cc')
-rw-r--r-- | deps/v8/src/builtins/builtins-arraybuffer.cc | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/deps/v8/src/builtins/builtins-arraybuffer.cc b/deps/v8/src/builtins/builtins-arraybuffer.cc
index 9ecb1815bc..b062b9ca3c 100644
--- a/deps/v8/src/builtins/builtins-arraybuffer.cc
+++ b/deps/v8/src/builtins/builtins-arraybuffer.cc
@@ -30,29 +30,38 @@ namespace {
 Object ConstructBuffer(Isolate* isolate, Handle<JSFunction> target,
                        Handle<JSReceiver> new_target, Handle<Object> length,
-                       bool initialize) {
+                       InitializedFlag initialized) {
+  SharedFlag shared = (*target != target->native_context().array_buffer_fun())
+                          ? SharedFlag::kShared
+                          : SharedFlag::kNotShared;
   Handle<JSObject> result;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, result,
       JSObject::New(target, new_target, Handle<AllocationSite>::null()));
+  auto array_buffer = Handle<JSArrayBuffer>::cast(result);
+  // Ensure that all fields are initialized because BackingStore::Allocate is
+  // allowed to GC. Note that we cannot move the allocation of the ArrayBuffer
+  // after BackingStore::Allocate because of the spec.
+  array_buffer->Setup(shared, nullptr);
+
   size_t byte_length;
   if (!TryNumberToSize(*length, &byte_length) ||
       byte_length > JSArrayBuffer::kMaxByteLength) {
-    JSArrayBuffer::SetupAsEmpty(Handle<JSArrayBuffer>::cast(result), isolate);
+    // ToNumber failed.
     THROW_NEW_ERROR_RETURN_FAILURE(
         isolate, NewRangeError(MessageTemplate::kInvalidArrayBufferLength));
   }
-  SharedFlag shared_flag =
-      (*target == target->native_context().array_buffer_fun())
-          ? SharedFlag::kNotShared
-          : SharedFlag::kShared;
-  if (!JSArrayBuffer::SetupAllocatingData(Handle<JSArrayBuffer>::cast(result),
-                                          isolate, byte_length, initialize,
-                                          shared_flag)) {
+
+  auto backing_store =
+      BackingStore::Allocate(isolate, byte_length, shared, initialized);
+  if (!backing_store) {
+    // Allocation of backing store failed.
     THROW_NEW_ERROR_RETURN_FAILURE(
         isolate, NewRangeError(MessageTemplate::kArrayBufferAllocationFailed));
   }
-  return *result;
+
+  array_buffer->Attach(std::move(backing_store));
+  return *array_buffer;
 }
 }  // namespace
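Review bot: The new comment `// ToNumber failed.` inside the length check mislabels that branch: the same condition also rejects a length that converted fine but exceeds `JSArrayBuffer::kMaxByteLength`, and the caller in this diff (`ArrayBufferConstructor`) already hands in a converted `number_length`, so no ToNumber is performed here. `// Length is not representable as size_t or exceeds kMaxByteLength.` describes what is actually rejected, and keeping that distinction visible matters because this is the bound that keeps the backing-store size sane. The `Attach(std::move(backing_store))` line relies on `<utility>`; whether the file already includes it is outside this hunk.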
@@ -80,7 +89,8 @@ BUILTIN(ArrayBufferConstructor) {
         isolate, NewRangeError(MessageTemplate::kInvalidArrayBufferLength));
   }
-  return ConstructBuffer(isolate, target, new_target, number_length, true);
+  return ConstructBuffer(isolate, target, new_target, number_length,
+                         InitializedFlag::kZeroInitialized);
 }
 // This is a helper to construct an ArrayBuffer with uinitialized memory.
@@ -91,7 +101,8 @@ BUILTIN(ArrayBufferConstructor_DoNotInitialize) {
   Handle<JSFunction> target(isolate->native_context()->array_buffer_fun(),
                             isolate);
   Handle<Object> length = args.atOrUndefined(isolate, 1);
-  return ConstructBuffer(isolate, target, target, length, false);
+  return ConstructBuffer(isolate, target, target, length,
+                         InitializedFlag::kUninitialized);
 }
 // ES6 section 24.1.4.1 get ArrayBuffer.prototype.byteLength