v8/test/cctest/heap
Ulan Degenbaev 8e8a06fac9 [heap] Fix an out-of-bounds access in the marking bitmap
Deserializer can trigger OOB read in the marking bitmap inside the
RegisterDeserializedObjectsForBlackAllocation function. This happens
for example if an internalized string is deserialized as the last object
on a page and is then turned into a thin-string leaving a one-word filler
at the end of the page. In such a case IsBlack(filler) will try to fetch
a cell outside the marking bitmap.

The fix is to increase the size of the marking bitmap by one cell, so
that it is always safe to query markbits of any object on a page.

Bug: chromium:978156
Change-Id: If3c74e4f97d2caeb3c3f37a4147f38dea5f0e5a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2152838
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67223}
2020-04-20 09:07:57 +00:00
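The index arithmetic behind the bug described in the commit above, as an added example that is not V8's code: a small marking-bitmap model with bounds-checked reads. It assumes a 256 KiB page with one mark bit per 8-byte word and 32-bit cells (so 1024 cells per page), the two-bit colour encoding in which an object is black only when its own bit and the next bit are both set, and that black allocation sets every mark bit of the allocated area. Under those assumptions the one-word filler at the end of the page has its own bit inside the bitmap but its "next" bit in cell 1024, one past a 1024-cell bitmap; `QueryLastWord` shows the read reported as out of bounds before the one-cell enlargement and in range after it. The names and constants below are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Layout constants modelled on V8's page/bitmap geometry (assumed here).
constexpr size_t kPageSize = 256 * 1024;                          // 256 KiB page
constexpr size_t kTaggedSize = 8;                                 // one mark bit per word
constexpr size_t kBitsPerCell = 32;
constexpr size_t kMarkBitsPerPage = kPageSize / kTaggedSize;      // 32768
constexpr size_t kCellsPerPage = kMarkBitsPerPage / kBitsPerCell; // 1024

// Minimal marking bitmap. Every read is bounds-checked so an overrun is
// reported instead of silently reading memory past the cell array.
class MarkingBitmap {
 public:
  explicit MarkingBitmap(size_t cells) : cells_(cells, 0) {}
  size_t cell_count() const { return cells_.size(); }
  static size_t CellOf(size_t index) { return index / kBitsPerCell; }
  static uint32_t MaskOf(size_t index) { return 1u << (index % kBitsPerCell); }
  bool InBounds(size_t index) const { return CellOf(index) < cells_.size(); }

  // Set every bit in [start, end): what black allocation is assumed to do
  // to a freshly allocated area in this model.
  void SetRange(size_t start, size_t end) {
    for (size_t i = start; i < end; ++i) cells_[CellOf(i)] |= MaskOf(i);
  }

  // Returns the bit value; sets *oob and returns false if the bit lies
  // outside the bitmap (the access the real code would perform unchecked).
  bool Get(size_t index, bool* oob) const {
    if (!InBounds(index)) {
      *oob = true;
      return false;
    }
    return (cells_[CellOf(index)] & MaskOf(index)) != 0;
  }

 private:
  std::vector<uint32_t> cells_;
};

struct BlackQuery {
  bool black;  // both bits set
  bool oob;    // the query touched a cell outside the bitmap
};

// Two-bit colour encoding (assumed, modelled on V8's Marking::IsBlack):
// black = own bit set AND the following bit set. The second read is the
// one that can land one cell past the end of the bitmap.
BlackQuery IsBlack(const MarkingBitmap& bm, size_t index) {
  bool oob = false;
  bool first = bm.Get(index, &oob);
  if (oob || !first) return {false, oob};
  bool second = bm.Get(index + 1, &oob);
  return {!oob && second, oob};
}

// Scenario from the commit message: the whole page was allocated black, the
// last object shrank, and a one-word filler now sits on the page's last word.
// bitmap_cells is kCellsPerPage before the fix and kCellsPerPage + 1 after.
BlackQuery QueryLastWord(size_t bitmap_cells) {
  MarkingBitmap bm(bitmap_cells);
  bm.SetRange(0, kMarkBitsPerPage);            // black allocation over the page
  size_t filler_index = kMarkBitsPerPage - 1;  // mark bit of the trailing filler
  return IsBlack(bm, filler_index);
}

// Control: an object at the start of the same page is black either way.
BlackQuery QueryFirstWord(size_t bitmap_cells) {
  MarkingBitmap bm(bitmap_cells);
  bm.SetRange(0, kMarkBitsPerPage);
  return IsBlack(bm, 0);
}

int main() {
  BlackQuery before = QueryLastWord(kCellsPerPage);
  BlackQuery after = QueryLastWord(kCellsPerPage + 1);
  std::printf("cells=%zu: last-word query oob=%d black=%d\n",
              kCellsPerPage, before.oob, before.black);
  std::printf("cells=%zu: last-word query oob=%d black=%d\n",
              kCellsPerPage + 1, after.oob, after.black);
  return 0;
}
```

The extra cell is never written by `SetRange`, so after the enlargement the filler's second bit reads as zero and the query simply answers "not black" instead of reading past the array; any object whose own bit is in the last real cell gets the same protection, which is why one additional cell is sufficient regardless of where on the page the last object ends.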
heap-tester.h [heap] Add flag to promote young objects in MC 2019-10-17 13:38:21 +00:00
heap-utils.cc heap: Improved incremental scheduling for unified heap 2020-02-03 20:11:29 +00:00
heap-utils.h [test] Make full space simulation work with --no-inline-new. 2019-10-29 13:28:46 +00:00
test-alloc.cc [api] Create v8::String::NewFromLiteral that returns Local<String> 2020-03-09 12:02:07 +00:00
test-array-buffer-tracker.cc [heap] Keep array buffer bytes stable during sweeping 2020-02-10 14:38:43 +00:00
test-compaction.cc [heap] Add flag to promote young objects in MC 2019-10-17 13:38:21 +00:00
test-concurrent-allocation.cc [heap] Add ConcurrentAllocator 2020-04-15 14:06:49 +00:00
test-concurrent-marking.cc [heap] Refactor marking worklists 2019-12-11 16:46:40 +00:00
test-embedder-tracing.cc heap: Fixes for copying/moving traced references 2020-01-19 23:05:07 +00:00
test-external-string-tracker.cc [api] Create v8::String::NewFromLiteral that returns Local<String> 2020-03-09 12:02:07 +00:00
test-heap.cc [heap] Fix an out-of-bounds access in the marking bitmap 2020-04-20 09:07:57 +00:00
test-incremental-marking.cc Move remaining files in src/ 2019-05-24 18:24:36 +00:00
test-invalidated-slots.cc [heap] Restrict usages of AlwaysAllocateScope 2020-03-03 11:24:33 +00:00
test-iterators.cc [roheap] Move read_only_heap() from heap to isolate 2019-07-05 14:25:00 +00:00
test-lab.cc [torque] Use generated instance types, part 1 2019-10-28 18:30:31 +00:00
test-mark-compact.cc [torque] Use generated instance types, part 1 2019-10-28 18:30:31 +00:00
test-memory-measurement.cc [heap] Add per-context accounting of external bytes 2020-01-29 09:46:42 +00:00
test-page-promotion.cc [objects] Add ArrayBufferExtension class 2020-01-13 12:26:35 +00:00
test-spaces.cc [heap] Restrict usages of AlwaysAllocateScope 2020-03-03 11:24:33 +00:00
test-unmapper.cc [API] Remove deprecated tasks API 2020-01-08 13:54:45 +00:00
test-weak-references.cc [cleanup] Refactor Smi::kZero to Smi::zero() 2019-11-15 11:26:48 +00:00