[runtime] Remove FATAL error in ConvertElementsWithCapacity
Bug: chromium:1206453
Change-Id: I808c8dd332e92835328e51515c4da812d3a3528c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891830
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74525}
diff --git a/src/objects/elements.cc b/src/objects/elements.cc
index 869e241..9fa41d0 100644
--- a/src/objects/elements.cc
+++ b/src/objects/elements.cc
@@ -811,23 +811,17 @@
Isolate* isolate = object->GetIsolate();
Handle<FixedArrayBase> new_elements;
// TODO(victorgomes): Retrieve native context in optimized code
- // and remove the fatal errors.
+ // and remove the check isolate->context().is_null().
if (IsDoubleElementsKind(kind())) {
- if (capacity < 0 || capacity > FixedDoubleArray::kMaxLength) {
- if (isolate->context().is_null()) {
- FATAL("Fatal JavaScript invalid array length");
- UNREACHABLE();
- }
+ if (!isolate->context().is_null() &&
+ !base::IsInRange(capacity, 0, FixedDoubleArray::kMaxLength)) {
return isolate->Throw<FixedArrayBase>(isolate->factory()->NewRangeError(
MessageTemplate::kInvalidArrayLength));
}
new_elements = isolate->factory()->NewFixedDoubleArray(capacity);
} else {
- if (capacity < 0 || capacity > FixedArray::kMaxLength) {
- if (isolate->context().is_null()) {
- FATAL("Fatal JavaScript invalid array length");
- UNREACHABLE();
- }
+ if (!isolate->context().is_null() &&
+ !base::IsInRange(capacity, 0, FixedArray::kMaxLength)) {
return isolate->Throw<FixedArrayBase>(isolate->factory()->NewRangeError(
MessageTemplate::kInvalidArrayLength));
}
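Review bot: With the `!isolate->context().is_null() &&` conjunct added on L25-26 and L37-38, the length validation is skipped entirely whenever the context is null, so a negative or over-`kMaxLength` `capacity` now reaches `NewFixedDoubleArray(capacity)` / `NewFixedArray(capacity)` unchecked, where the removed FATAL used to stop it. Whether the factory rejects such lengths in release builds (as opposed to only a DCHECK) is not visible in this hunk; please confirm that before relying on it, since an unchecked oversized or negative allocation length in the elements path is a memory-safety risk, not just a crash. At minimum the reliance should be stated next to the TODO, e.g. `// With no native context (optimized code) we cannot throw a RangeError, so an out-of-range capacity is left for the factory to reject.` The enclosing function starts before L14 and continues past L41, so the factory calls' handling of the null-context case is not reviewable here.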