918fe04351
PR-URL: https://github.com/nodejs/node/pull/58070 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
23 lines
994 B
JavaScript
23 lines
994 B
JavaScript
// Copyright 2024 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
//
|
|
// Flags: --expose-gc --expose-externalize-string --sandbox-testing
|
|
|
|
const kSeqStringType = Sandbox.getInstanceTypeIdFor("SEQ_ONE_BYTE_STRING_TYPE");
|
|
const kStringLengthOffset = Sandbox.getFieldOffset(kSeqStringType, "length");
|
|
|
|
let memory = new DataView(new Sandbox.MemoryView(0, 0x100000000));
|
|
|
|
let string = "foo" + "bar" + "baz";
|
|
assertEquals(Sandbox.getInstanceTypeIdOf(string), kSeqStringType);
|
|
|
|
let string_address = Sandbox.getAddressOf(string);
|
|
let orig_length = memory.getUint32(string_address + kStringLengthOffset, true);
|
|
assertEquals(orig_length, string.length);
|
|
let corrupted_length = Math.floor(Math.random() * 0x100000000);
|
|
memory.setUint32(string_address + kStringLengthOffset, corrupted_length, true);
|
|
|
|
// Externalization is one way to trigger a WriteToFlat on an external buffer.
|
|
externalizeString(string);
|