From 0bd8e1450146e8c083b19bbcb29b611cfe316003 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Sat, 17 Apr 2021 16:28:46 +0200
Subject: [PATCH] deps: V8: cherry-pick 813066946968
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Original commit message:

    [macro-assembler] Avoid using the isolate in CallRecordWriteStub

    CallRecordWriteStub is used in a background compile thread for
    JS-to-Wasm wrapper compilation, so it should avoid accessing the
    isolate.
    Call the builtin using CallBuiltin which does not require a Handle<Code>
    object and instead gets the call target directly from the embedded data.

    R=​clemensb@chromium.org

    (cherry picked from commit 6b3994e8507b32dfb956329395dbe33a2a8fee14)

    No-Try: true
    No-Presubmit: true
    No-Tree-Checks: true
    Bug: chromium:1146813
    Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333
    Reviewed-by: Clemens Backes <clemensb@chromium.org>
    Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
    Cr-Original-Commit-Position: refs/heads/master@{#71785}
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731535
    Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
    Reviewed-by: Jana Grill <janagrill@chromium.org>
    Cr-Commit-Position: refs/branch-heads/8.6@{#66}
    Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
    Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

Refs: https://github.com/v8/v8/commit/813066946968297b105e864ee0e6f4e422789d1b

PR-URL: https://github.com/nodejs/node/pull/38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
---
 common.gypi                                     |  2 +-
 deps/v8/src/regexp/regexp-compiler.cc           | 11 ++++++++++-
 deps/v8/test/mjsunit/regress/regress-1166138.js |  2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/common.gypi b/common.gypi
index d421eefd6b03ad..cddedd639adc0d 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.46',
+    'v8_embedder_string': '-node.47',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/regexp/regexp-compiler.cc b/deps/v8/src/regexp/regexp-compiler.cc
index a04180fd346d7f..5e1b70ef7334a3 100644
--- a/deps/v8/src/regexp/regexp-compiler.cc
+++ b/deps/v8/src/regexp/regexp-compiler.cc
@@ -2536,7 +2536,16 @@ int ChoiceNode::GreedyLoopTextLengthForAlternative(
     SeqRegExpNode* seq_node = static_cast<SeqRegExpNode*>(node);
     node = seq_node->on_success();
   }
-  return read_backward() ? -length : length;
+  if (read_backward()) {
+    length = -length;
+  }
+  // Check that we can jump by the whole text length. If not, return sentinel
+  // to indicate the we can't construct a greedy loop.
+  if (length < RegExpMacroAssembler::kMinCPOffset ||
+      length > RegExpMacroAssembler::kMaxCPOffset) {
+    return kNodeIsTooComplexForGreedyLoops;
+  }
+  return length;
 }
 
 void LoopChoiceNode::AddLoopAlternative(GuardedAlternative alt) {
diff --git a/deps/v8/test/mjsunit/regress/regress-1166138.js b/deps/v8/test/mjsunit/regress/regress-1166138.js
index b1a5d6b7bb8651..f3e4bde83e2769 100644
--- a/deps/v8/test/mjsunit/regress/regress-1166138.js
+++ b/deps/v8/test/mjsunit/regress/regress-1166138.js
@@ -4,4 +4,4 @@
 
 let badregexp =  "(?:" +  " ".repeat(32768*2)+  ")*";
 reg = RegExp(badregexp);
-reg.test()
+assertThrows(() => reg.test(), SyntaxError);