Revert "[Backport] CVE-2021-21227: Insufficient data validation in V8"

This reverts commit bc38ef79d8c2e9ff87fac1937c31b0e5b7d740a2.

Change-Id: I492e1c163ddda95f23cfba2b7aecc489d3ca5d75
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 3 insertions, 8 deletions

diff --git a/chromium/v8/src/compiler/simplified-lowering.cc b/chromium/v8/src/compiler/simplified-lowering.cc
index e2f34f08796..867a3f9d4a5 100644
--- a/chromium/v8/src/compiler/simplified-lowering.cc
+++ b/chromium/v8/src/compiler/simplified-lowering.cc
@@ -1318,15 +1318,10 @@ class RepresentationSelector {
     Type right_feedback_type = TypeOf(node->InputAt(1));
 
     // Using Signed32 as restriction type amounts to promising there won't be
-    // signed overflow. This is incompatible with relying on a Word32 truncation
-    // in order to skip the overflow check.  Similarly, we must not drop -0 from
-    // the result type unless we deopt for -0 inputs.
+    // signed overflow. This is incompatible with relying on a Word32
+    // truncation in order to skip the overflow check.
     Type const restriction =
-        truncation.IsUsedAsWord32()
-            ? Type::Any()
-            : (truncation.identify_zeros() == kIdentifyZeros)
-                  ? Type::Signed32OrMinusZero()
-                  : Type::Signed32();
+        truncation.IsUsedAsWord32() ? Type::Any() : Type::Signed32();
 
     // Handle the case when no int32 checks on inputs are necessary (but
     // an overflow check is needed on the output). Note that we do not