Fix integer overflow in NewFixedDoubleArray
Bug: 150706594
Test: atest proxy_resolver_v8_unittest
Change-Id: I23ccda06bdb2dba631236828e5d6eeaf88717812
diff --git a/src/heap/factory.cc b/src/heap/factory.cc
index c8528f9..2ac0d99 100644
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -469,7 +469,7 @@
PretenureFlag pretenure) {
DCHECK_LE(0, length);
if (length == 0) return empty_fixed_array();
- if (length > FixedDoubleArray::kMaxLength) {
+ if (length < 0 || length > FixedDoubleArray::kMaxLength) {
isolate()->heap()->FatalProcessOutOfMemory("invalid array length");
}
int size = FixedDoubleArray::SizeFor(length);
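Review bot: The new `length < 0` test on the `+` line is redundant with `DCHECK_LE(0, length)` two lines above it in debug builds, and nothing in the hunk says why both are needed, so a later cleanup could drop the explicit check and reintroduce the overflow the title describes. A comment on the changed line would pin the intent: `// DCHECK_LE is compiled out in release builds; keep the explicit range check so a negative length never reaches SizeFor().` Whether SizeFor() itself is what overflows is inferred from the commit title, not visible here. Note also that a negative length is a caller bug rather than an allocation failure, so reporting it through FatalProcessOutOfMemory with "invalid array length" may be worth a CHECK instead — a judgment call the hunk does not settle. The signature of NewFixedDoubleArray begins outside the hunk.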