From 7586dc7910e66f2a2d45721f685980535f961645 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20Gro=C3=9F?= <saelo@chromium.org>
Date: Wed, 27 Jul 2022 13:00:47 +0200
Subject: [PATCH] [sandbox] Sandboxify AccessorInfo external pointers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: v8:10391
Change-Id: I18745b415962e08fada5c0b9466a0d7e66a84a12
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757339
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81999}
---
 include/v8-internal.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/v8-internal.h b/include/v8-internal.h
index 93e5aa00ca..a27f3a3448 100644
--- a/include/v8-internal.h
+++ b/include/v8-internal.h
@@ -385,9 +385,9 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
   V(kExternalObjectValueTag,                sandboxed, TAG(14)) \
   V(kCallHandlerInfoCallbackTag,          unsandboxed, TAG(15)) \
   V(kCallHandlerInfoJsCallbackTag,        unsandboxed, TAG(16)) \
-  V(kAccessorInfoGetterTag,               unsandboxed, TAG(17)) \
-  V(kAccessorInfoJsGetterTag,             unsandboxed, TAG(18)) \
-  V(kAccessorInfoSetterTag,               unsandboxed, TAG(19)) \
+  V(kAccessorInfoGetterTag,                 sandboxed, TAG(17)) \
+  V(kAccessorInfoJsGetterTag,               sandboxed, TAG(18)) \
+  V(kAccessorInfoSetterTag,                 sandboxed, TAG(19)) \
   V(kWasmInternalFunctionCallTargetTag,     sandboxed, TAG(20))
 
 // All external pointer tags.