Clemens Backes 7887ae6fc3 [asm] Fix use-after-free in ZoneVectors
The AsmParser kept pointers into ZoneVectors, which were accessed even
after those vectors might have grown. For regular vectors, this would be
a use-after-free; with ZoneVectors it is technically allowed, since the
old memory stays alive. This will change with
https://crrev.com/c/2302895, which zaps zone memory which is
deallocated. Eventually, we might want to reuse large deallocations in
zone memory, hence this "use after free" needs to be fixed.

This CL fixes the issue by explicitly re-allocating in the zone instead
of using ZoneVectors. This makes sure that the old memory stays alive.
This is kind of a quick-fix, but since asm.js is more or less deprecated
anyway (in favor of Wasm), it's OK if this code does not profit from
future ZoneVector memory re-use optimizations.

Drive-by: Move field initializers to the field declaration.

R=ishell@chromium.org

Bug: v8:10717
Change-Id: I56c1feb49d05080e78a6620273b55b4e18156254
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304581
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68917}
2020-07-17 14:18:37 +00:00
build_overrides tracing: Enable using Perfetto client library from Chromium 2020-05-11 11:17:57 +00:00
custom_deps Use relative paths to OWNERS files 2019-08-12 13:52:52 +00:00
docs Add OWNERS for docs/ 2019-05-15 12:06:15 +00:00
gni Add google_benchmark depdendency 2020-07-02 20:11:29 +00:00
include [turbofan] Fast API calls support for default fallback 2020-07-15 14:48:01 +00:00
infra Reland "infra: Set gcc builders not to use Goma" 2020-06-30 10:41:37 +00:00
samples cppgc: Introduce AllocationHandle 2020-06-10 23:11:20 +00:00
src [asm] Fix use-after-free in ZoneVectors 2020-07-17 14:18:37 +00:00
test [liftoff] Fix missing stack move 2020-07-17 13:52:28 +00:00
testing Roll v8/third_party/googletest/src/ 10b1902d8..e3f0319d8 (43 commits) 2020-04-15 07:23:10 +00:00
third_party Add google_benchmark depdendency 2020-07-02 20:11:29 +00:00
tools [release] Work-around deps-processing problem 2020-07-17 13:10:08 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.clang-tidy [tool] Remove unfixed clang-tidy warnings to ease use. 2018-10-26 07:40:32 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.flake8 Add .flake8 to allow for python style checking. 2019-07-19 21:44:03 +00:00
.git-blame-ignore-revs [infra] Update .git-blame-ignore-revs 2020-03-03 12:59:13 +00:00
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Revert "[presubmit] Add JS formatting for tools/system-analyzer" 2020-07-17 10:33:40 +00:00
.gn [build] Dynamically decide if to use system xcode 2019-07-29 08:20:24 +00:00
.vpython [tools] Implement confidence-based number of runs 2019-05-09 09:42:28 +00:00
.ycm_extra_conf.py Fix ycm config for headers without source 2019-12-09 11:59:21 +00:00
AUTHORS Fix crash on inspector setScriptSource calls when source is unchanged 2020-07-07 13:25:51 +00:00
BUILD.gn cppgc: Port MarkingVerifier 2020-07-16 13:05:15 +00:00
CODE_OF_CONDUCT.md
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
COMMON_OWNERS [owners] Add thibaudm and ecmziegler to COMMON_OWNERS 2020-05-20 18:41:54 +00:00
DEPS Update V8 DEPS. 2020-07-17 03:43:48 +00:00
ENG_REVIEW_OWNERS Add eng review owners as escalation path 2019-05-15 19:12:10 +00:00
INFRA_OWNERS Remove myself from owners 2019-12-12 14:22:32 +00:00
INTL_OWNERS add ftang as owner 2020-04-24 19:19:36 +00:00
LICENSE [wasm] Draft version of C/C++ Wasm API 2019-04-17 16:00:26 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk
LICENSE.v8
LICENSE.valgrind
MIPS_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
OWNERS Add syg@chromium.org as DEPS owner for test262 rolls 2019-09-17 19:29:11 +00:00
PPC_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
PRESUBMIT.py Revert "[presubmit] Add JS formatting for tools/system-analyzer" 2020-07-17 10:33:40 +00:00
README.md [docs] Change links from old wiki to v8.dev 2019-03-07 12:13:30 +00:00
S390_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
WATCHLISTS Stop watching for API changes in WATCHLISTS 2020-04-08 07:06:45 +00:00

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Check out depot_tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*
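The README asks you to hand-edit .git/config. The script below is an added example, not part of the V8 README or the V8 project, that performs the same edit idempotently so a second run never duplicates the refspecs. It assumes the remote is named origin (the README's `git pull origin` implies this) and operates on a constructed sample config rather than a real checkout.

```shell
#!/bin/sh
# Added example, not from the V8 README. Idempotently add the two fetch
# refspecs from the README to the [remote "origin"] section of a git config.
# Assumption: the remote is called "origin", as in `git pull origin`.
# Usage: add_fetch_refspecs path/to/.git/config
add_fetch_refspecs() {
  cfg="$1"
  for spec in \
    '+refs/branch-heads/*:refs/remotes/branch-heads/*' \
    '+refs/tags/*:refs/tags/*'
  do
    # Skip if an identical "fetch = <spec>" line is already present. The
    # match is literal (-F), so a line with different spacing is not detected.
    if grep -Fq "fetch = $spec" "$cfg"; then
      continue
    fi
    # Insert the line directly after the [remote "origin"] header so it is
    # attributed to that section; all other sections are copied unchanged.
    awk -v line="\tfetch = $spec" '
      { print }
      /^\[remote "origin"\]/ && !done { print line; done = 1 }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
  done
}

# Count the fetch refspecs that belong to [remote "origin"] only; lines in
# other sections are ignored. Prints the count.
count_origin_fetch() {
  awk '
    /^\[/ { in_origin = ($0 == "[remote \"origin\"]") }
    in_origin && /^[ \t]*fetch = / { n++ }
    END { print n + 0 }
  ' "$1"
}

# Write a constructed sample .git/config (not a real checkout) to the given path.
make_sample_config() {
  cat > "$1" <<'EOF'
[core]
	repositoryformatversion = 0
[remote "origin"]
	url = https://chromium.googlesource.com/v8/v8.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
EOF
}

# Stand-alone run on the constructed sample: apply twice, show the result.
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp)
  make_sample_config "$demo"
  add_fetch_refspecs "$demo"
  add_fetch_refspecs "$demo"
  cat "$demo"
  rm -f "$demo"
fi
```

Run it as `sh script.sh --demo` to see the sample config with the two refspecs added once; on a real checkout call `add_fetch_refspecs .git/config`. Inserting under the section header rather than appending to the file is what keeps the refspecs attached to origin instead of whatever section happens to be last.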

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.