Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
deps: V8: cherry-pick 81814ed44574
Original commit message:

    [promise] Avoid stack overflow with context promise hooks in C++

    This was handled in JS but not in C++.

    Bug: chromium:236703, v8:11025
    Change-Id: Ic9adc4ceb4d2af2614427fec459c3e950654572f
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074460
    Commit-Queue: Camillo Bruni <cbruni@chromium.org>
    Reviewed-by: Victor Gomes <victorgomes@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#76125}

Refs: v8/v8@81814ed
  • Loading branch information
Stephen Belanger committed Aug 9, 2021
commit ad2361c6d3444e5044e2df36c9a74663a785c4dc
2 changes: 1 addition & 1 deletion common.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.18',
'v8_embedder_string': '-node.19',

##### V8 defaults for Node.js #####

Expand Down
10 changes: 9 additions & 1 deletion deps/v8/src/objects/contexts.cc
Original file line number Diff line number Diff line change
Expand Up @@ -547,7 +547,15 @@ void NativeContext::RunPromiseHook(PromiseHookType type,

Handle<Object> receiver = isolate->global_proxy();

if (Execution::Call(isolate, hook, receiver, argc, argv).is_null()) {
StackLimitCheck check(isolate);
bool failed = false;
if (check.HasOverflowed()) {
isolate->StackOverflow();
failed = true;
} else {
failed = Execution::Call(isolate, hook, receiver, argc, argv).is_null();
}
if (failed) {
DCHECK(isolate->has_pending_exception());
Handle<Object> exception(isolate->pending_exception(), isolate);

Expand Down
8 changes: 8 additions & 0 deletions deps/v8/test/mjsunit/promise-hooks.js
Original file line number Diff line number Diff line change
Expand Up @@ -273,3 +273,11 @@ exceptions();

d8.promise.setHooks();
})();

(function overflow(){
d8.promise.setHooks(() => { new Promise(()=>{}) });
// Trigger overflow from JS code:
Promise.all([Promise.resolve(1)]);
%PerformMicrotaskCheckpoint();
d8.promise.setHooks();
});