[objects] Clarify 32-bit offsets in 64-bit fields

These fields relied on the assumption that 64-bit big-endian architectures had sizeof(int) == 4. Any architecture violating this assumption would result in an OOB access. Bug: Change-Id: I682ecb6a2da2cf84e8b24f1c1e608d7fc23f5bdc Reviewed-on: https://chromium-review.googlesource.com/793431 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49673}
2017-11-28 15:06:50 +01:00 · 2017-11-28 15:06:50 +01:00 · 5d3824e241
commit 5d3824e241
parent ffda54fbd4
3 changed files with 3 additions and 3 deletions
--- a/src/objects/js-array.h
+++ b/src/objects/js-array.h
@ -225,7 +225,7 @@ class JSArrayBuffer : public JSObject {
 #if V8_TARGET_LITTLE_ENDIAN || !V8_HOST_ARCH_64_BIT
  static const int kBitFieldOffset = kBitFieldSlot;
 #else
-  static const int kBitFieldOffset = kBitFieldSlot + kIntSize;
+  static const int kBitFieldOffset = kBitFieldSlot + kInt32Size;
 #endif
  static const int kSize = kBitFieldSlot + kPointerSize;

--- a/src/objects/name-inl.h
+++ b/src/objects/name-inl.h
@ -41,7 +41,7 @@ void Name::set_hash_field(uint32_t value) {
  WRITE_UINT32_FIELD(this, kHashFieldOffset, value);
 #if V8_HOST_ARCH_64_BIT
 #if V8_TARGET_LITTLE_ENDIAN
-  WRITE_UINT32_FIELD(this, kHashFieldSlot + kIntSize, 0);
+  WRITE_UINT32_FIELD(this, kHashFieldSlot + kInt32Size, 0);
 #else
  WRITE_UINT32_FIELD(this, kHashFieldSlot, 0);
 #endif
--- a/src/objects/name.h
+++ b/src/objects/name.h
@ -65,7 +65,7 @@ class Name : public HeapObject {
 #if V8_TARGET_LITTLE_ENDIAN || !V8_HOST_ARCH_64_BIT
  static const int kHashFieldOffset = kHashFieldSlot;
 #else
-  static const int kHashFieldOffset = kHashFieldSlot + kIntSize;
+  static const int kHashFieldOffset = kHashFieldSlot + kInt32Size;
 #endif
  static const int kSize = kHashFieldSlot + kPointerSize;