From ad2361c6d3444e5044e2df36c9a74663a785c4dc Mon Sep 17 00:00:00 2001 From: Stephen Belanger Date: Mon, 9 Aug 2021 09:40:08 -0700 Subject: [PATCH] deps: V8: cherry-pick 81814ed44574 Original commit message: [promise] Avoid stack overflow with context promise hooks in C++ This was handled in JS but not in C++. Bug: chromium:236703, v8:11025 Change-Id: Ic9adc4ceb4d2af2614427fec459c3e950654572f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074460 Commit-Queue: Camillo Bruni Reviewed-by: Victor Gomes Cr-Commit-Position: refs/heads/master@{#76125} Refs: https://github.com/v8/v8/commit/81814ed44574dbdb19ad22857220ac81fba5c107 --- common.gypi | 2 +- deps/v8/src/objects/contexts.cc | 10 +++++++++- deps/v8/test/mjsunit/promise-hooks.js | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/common.gypi b/common.gypi index 4e1f4fb24e454b..fcd1cebeb56007 100644 --- a/common.gypi +++ b/common.gypi @@ -36,7 +36,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.18', + 'v8_embedder_string': '-node.19', ##### V8 defaults for Node.js ##### diff --git a/deps/v8/src/objects/contexts.cc b/deps/v8/src/objects/contexts.cc index eade27d934b776..6c700257059a59 100644 --- a/deps/v8/src/objects/contexts.cc +++ b/deps/v8/src/objects/contexts.cc @@ -547,7 +547,15 @@ void NativeContext::RunPromiseHook(PromiseHookType type, Handle receiver = isolate->global_proxy(); - if (Execution::Call(isolate, hook, receiver, argc, argv).is_null()) { + StackLimitCheck check(isolate); + bool failed = false; + if (check.HasOverflowed()) { + isolate->StackOverflow(); + failed = true; + } else { + failed = Execution::Call(isolate, hook, receiver, argc, argv).is_null(); + } + if (failed) { DCHECK(isolate->has_pending_exception()); Handle exception(isolate->pending_exception(), isolate); diff --git a/deps/v8/test/mjsunit/promise-hooks.js b/deps/v8/test/mjsunit/promise-hooks.js index f7c1558c1d2e20..c30a3f36da0b5c 100644 --- a/deps/v8/test/mjsunit/promise-hooks.js +++ b/deps/v8/test/mjsunit/promise-hooks.js @@ -273,3 +273,11 @@ exceptions(); d8.promise.setHooks(); })(); + +(function overflow(){ + d8.promise.setHooks(() => { new Promise(()=>{}) }); + // Trigger overflow from JS code: + Promise.all([Promise.resolve(1)]); + %PerformMicrotaskCheckpoint(); + d8.promise.setHooks(); +});