cppgc: young-gen: Filter out SMIs when visiting traced nodes

Traced nodes can contain SMIs, e.g. when base::ScriptValue is constructed. The CL filters them out when visiting V8->C++ references, as otherwise it crashes later assuming HeapObject. Bug: chromium:1029379 Change-Id: Idaafc92d4dc1bd14c7d1a07e2177202a8af336a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555769 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#79719}
2022-03-28 18:34:58 +02:00 · 2022-03-28 18:34:58 +02:00 · e4ac08c514
commit e4ac08c514
parent e70ccb2f7f
1 changed files with 3 additions and 1 deletions
--- a/src/heap/cppgc-js/cpp-heap.cc
+++ b/src/heap/cppgc-js/cpp-heap.cc
@ -75,7 +75,9 @@ class V8ToCppGCReferencesVisitor final

    const internal::JSObject js_object =
        *reinterpret_cast<const internal::JSObject* const&>(value);
-    if (!js_object.ptr() || !js_object.MayHaveEmbedderFields()) return;
+    if (!js_object.ptr() || js_object.IsSmi() ||
+        !js_object.MayHaveEmbedderFields())
+      return;

    internal::LocalEmbedderHeapTracer::WrapperInfo info;
    if (!internal::LocalEmbedderHeapTracer::ExtractWrappableInfo(