AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael Starzinger	47f3a53f70	[wasm] Fix bogus uses of {WasmGraphBuilder::Buffer}. With exception handling enabled new call paths open up, which will perform environment merging while a "call" or "call_indirect" is currently being emitted. This will lead to double-use of the buffer returned by calls to {Buffer} or {Realloc}. In general we should transition away from this optimization to safer constructs such as {base::SmallVector} to avoid such bugs. R=clemensb@chromium.org TEST=mjsunit/regress/regress-9832 BUG=v8:9832 Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64271}	2019-10-14 09:32:37 +00:00

Author

SHA1

Message

Date

Michael Starzinger

47f3a53f70

[wasm] Fix bogus uses of {WasmGraphBuilder::Buffer}.

With exception handling enabled new call paths open up, which will
perform environment merging while a "call" or "call_indirect" is
currently being emitted. This will lead to double-use of the buffer
returned by calls to {Buffer} or {Realloc}. In general we should
transition away from this optimization to safer constructs such as
{base::SmallVector} to avoid such bugs.

R=clemensb@chromium.org
TEST=mjsunit/regress/regress-9832
BUG=v8:9832

Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64271}

2019-10-14 09:32:37 +00:00

1 Commits