From 0f85e20d3ecca6e7bf8ca3a290960b21a86c5a12 Mon Sep 17 00:00:00 2001
From: Michaël Zasso <targos@protonmail.com>
Date: Sat, 4 Aug 2018 18:09:52 +0200
Subject: deps: patch V8 to 6.8.275.30

Refs: https://github.com/v8/v8/compare/6.8.275.24...6.8.275.30

PR-URL: https://github.com/nodejs/node/pull/22125
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
---
 .../test/mjsunit/regress/regress-crbug-867776.js   | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-867776.js

(limited to 'deps/v8/test')

diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-867776.js b/deps/v8/test/mjsunit/regress/regress-crbug-867776.js
new file mode 100644
index 0000000000..f108f2acc4
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-crbug-867776.js
@@ -0,0 +1,22 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --expose-gc
+
+for (var i = 0; i < 3; i++) {
+  var array = new BigInt64Array(200);
+
+  function evil_callback() {
+    %ArrayBufferNeuter(array.buffer);
+    gc();
+    return 1094795585n;
+  }
+
+  var evil_object = {valueOf: evil_callback};
+  var root;
+  try {
+    root = BigInt64Array.of.call(function() { return array }, evil_object);
+  } catch(e) {}
+  gc();
+}
-- 
cgit v1.2.3