v8/include
Michael Lippautz fc49e77f26 api,heap: Avoid dropping global handles when stack state is overridden
This CL only affects non-production code. In non-production code, test
runners may invoke tasks (base::RunLoop()) with an interesting stack.
V8 assumes that it can clear certain data structures when running from
a non-nested task due to not having any interesting stack on top.
During testing this can lead to UAF on stack as data structures are
prematurely cleared.

With cppgc this failure can be fixed as the information on whether
test runners invoke tasks with a non-trivial stack is actually
present.

Example failure: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8847453411432681120/+/steps/webkit_unit_tests__with_patch__on_Ubuntu-18.04/0/logs/Flaky_failure:_WebSocketStreamTest.ConnectWithFailedHandshake__status_CRASH_SUCCESS_/0

Change-Id: Ib9f6fb2d8a1aa43d0b973afeb2d0a740c769e784
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891574
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74539}
2021-05-12 19:20:23 +00:00
cppgc cppgc: Relax Member checks 2021-05-11 10:44:49 +00:00
libplatform Step 1 (of 3-ish): Basic ETW Instrumentation in V8 2021-01-05 20:11:03 +00:00
APIDesign.md Move inspector protocol definitions to include/ 2019-06-18 17:59:36 +00:00
DEPS cppgc: Implement process-global state accessors. 2021-02-17 22:37:24 +00:00
DIR_METADATA Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
js_protocol-1.2.json Move inspector protocol definitions to include/ 2019-06-18 17:59:36 +00:00
js_protocol-1.3.json Move inspector protocol definitions to include/ 2019-06-18 17:59:36 +00:00
js_protocol.pdl [debugger] Remove "Restart frame" feature. 2021-04-29 13:08:14 +00:00
OWNERS Update include/OWNERS 2021-02-25 14:27:28 +00:00
v8-cppgc.h [cppgc] Add API to query custom space sizes at last GC 2021-05-07 17:57:28 +00:00
v8-fast-api-calls.h [fastcall] Allow receiver to be passed as Object 2021-05-12 09:55:37 +00:00
v8-inspector-protocol.h Fix LINT exceptions across the code base 2020-04-27 16:37:04 +00:00
v8-inspector.h [inspector] Consistently pass around script ID as integer. 2021-05-06 14:30:26 +00:00
v8-internal.h [sandbox][x64] Switch to AND-based type checks 2021-05-10 11:21:13 +00:00
v8-metrics.h [api] Add v8::metrics::LongTaskStats for the LongTasks UKM 2021-04-14 12:56:34 +00:00
v8-platform.h [Jobs]: Cleanup in v8 platform. 2021-04-07 16:00:22 +00:00
v8-profiler.h [cleanup][include] Remove redundant NOLINT annotations 2021-04-30 16:22:19 +00:00
v8-unwinder-state.h Add RISC-V backend 2021-02-09 17:06:36 +00:00
v8-util.h [cleanup][include] Remove redundant NOLINT annotations 2021-04-30 16:22:19 +00:00
v8-value-serializer-version.h Expose the ValueSerializer data format version as a compile-time constant. 2017-04-27 15:14:41 +00:00
v8-version-string.h Fix LINT exceptions across the code base 2020-04-27 16:37:04 +00:00
v8-version.h Changed version number to 9.2 2021-04-08 17:30:02 +00:00
v8-wasm-trap-handler-posix.h Fix LINT exceptions across the code base 2020-04-27 16:37:04 +00:00
v8-wasm-trap-handler-win.h Fix LINT exceptions across the code base 2020-04-27 16:37:04 +00:00
v8.h api,heap: Avoid dropping global handles when stack state is overridden 2021-05-12 19:20:23 +00:00
v8config.h Remove support for non-c++14 compliant constexpr 2021-05-10 18:48:31 +00:00