v8/include/cppgc/internal
Michael Lippautz 8bdce52713 Reland "cppgc: Properly clear (Weak)Persistent and WeakMember pointers"
This is a reland of e0c1a349ea

The issue was passing SentinelPointer (== +1) through T*.

The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
(Get()). This means that nullptr is treated the same as
kSentinelPointer.

The alternative would be a DCHECK that Get() does not return
kSentinelPointer and adjusting all Member and Persistent logic that
uses Get() to work on void*. This is quite intrusive as it involves
Swap(), heterogeneous assignments, comparisons, etc.

Original change's description:
> cppgc: Properly clear (Weak)Persistent and WeakMember pointers
>
> The CL addresses two issues with (Weak)Persistent and WeakMember:
> 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
>    CL the pointers would contain stale values which could lead to UAF.
> 2. WeakPersistent and WeakMember are cleared using a combination of
>    internal clearing methods and mutable fields which avoids the use
>    of const_cast<>.
>
> Bug: chromium:1056170
> Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68394}

Bug: chromium:1056170
Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68426}
2020-06-19 08:48:49 +00:00
api-constants.h cppgc: Move caged heap into a separate class 2020-06-16 09:58:19 +00:00
atomic-entry-flag.h cppgc: Add write barrier 2020-06-02 18:03:35 +00:00
caged-heap-local-data.h cppgc: Add initial implementation of young generation 2020-06-17 06:48:10 +00:00
compiler-specific.h cppgc: Add initial implementation of young generation 2020-06-17 06:48:10 +00:00
finalizer-trait.h cppgc: Add public target to build against 2020-04-21 12:48:23 +00:00
gc-info.h cppgc: Add TraceCallback to GCInfo 2020-05-13 23:53:43 +00:00
logging.h Fix LINT exceptions across the code base 2020-04-27 16:37:04 +00:00
persistent-node.h Reland "cppgc: Properly clear (Weak)Persistent and WeakMember pointers" 2020-06-19 08:48:49 +00:00
pointer-policies.h cppgc: Add initial implementation of young generation 2020-06-17 06:48:10 +00:00
prefinalizer-handler.h cppgc: Rework pre-finalizer registration 2020-06-11 20:12:21 +00:00
process-heap.h cppgc: Add write barrier 2020-06-02 18:03:35 +00:00
write-barrier.h cppgc: Add initial implementation of young generation 2020-06-17 06:48:10 +00:00