Fix Integer Overflow in libpac

From the upstream patch
(https://chromium.googlesource.com/v8/v8.git/+/7b27040e66c8a83006aebc90fe97d21bb42156a7%5E%21/#F0):

"""
Harden JSFunction::CalculateInstanceSizeHelper(...)
"""

Bug: 117556220

Test: /data/local/nativetest/proxy_resolver_v8_unittest/proxy_resolver_v8_unittest

Test: gts-tradefed run gts --test \
  com.google.android.gts.devicepolicy.DeviceOwnerTest#testProxyPacProxyTest \
  --module GtsGmscoreHostTestCases

Test: PoC from bug report

Merged-In: I2e02d994f107e64e4f465b4d8a02d4159a95240e

Change-Id: I72321236f4d4cf8da993addc3ef7a1dc018c434b
(cherry picked from commit cc15c8f69c835e5c1fcfd4992cb21adbda41bd03)
2 files changed
tree: 9765621ed4a6a37cc22eb92aeff1c7f2e15c8c8e
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

To fetch all branches, add the following to your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.