Fix alloc/dealloc size mismatch for v8::BackingStore

On newer compilers the {operator delete} with explicit {size_t} argument would be instantiated for {v8::BackingStore} and used in the destructor of {std::unique_ptr<v8::BackingStore>}. The {size_t} argument is wrong though, since the pointer actually points to a {v8::internal::BackingStore} object. The solution is to explicitly provide a {operator delete}, preventing an implicitly generated {size_t} operator. Bug:v8:11081 Change-Id: Iee0aa47a67f0e41000bea628942f7e3d70198b83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2506712 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#70916}
2020-10-29 15:02:03 +01:00 · 2020-10-29 15:02:03 +01:00 · 9a49b2298f
commit 9a49b2298f
parent 804a612cfd
1 changed files with 7 additions and 0 deletions
--- a/include/v8.h
+++ b/include/v8.h
@ -5078,6 +5078,13 @@ class V8_EXPORT BackingStore : public v8::internal::BackingStoreBase {
   */
  bool IsShared() const;

+  /**
+   * Prevent implicit instantiation of operator delete with size_t argument.
+   * The size_t argument would be incorrect because ptr points to the
+   * internal BackingStore object.
+   */
+  void operator delete(void* ptr) { ::operator delete(ptr); }
+
  /**
   * Wrapper around ArrayBuffer::Allocator::Reallocate that preserves IsShared.
   * Assumes that the backing_store was allocated by the ArrayBuffer allocator