AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9dcc665cb1
v8/test
History
Simon Zünd 3bcf2b83eb [array] Change Array.p.sort bailout behavior from fast- to slow-path 
This CL fixes a bug where execution would continue on a fast-path
even though a previous recursion step bailed to the slow path. This
would allow possibly illegal loads that could leak to JS.

Drive-by change: Instead of bailing to the slow-path on each recursion
step, we now bail completely and start the slow-path afterwards.

R=cbruni@chromium.org, jgruber@chromium.org

Bug: chromium:854299, v8:7382
Change-Id: Ib2fd5d85dbd0c3894d7775c4f62e053c31b5e5d1
Reviewed-on: https://chromium-review.googlesource.com/1107702
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53892}
2018-06-20 15:38:18 +00:00
..
benchmarks Reland "[build] Remove legacy isolate configurations" 2018-03-28 12:36:55 +00:00
cctest [liveedit] migrate compare strings tests to native 2018-06-20 14:54:06 +00:00
common [explicit isolates] Remove GetIsolates from Map 2018-06-19 09:59:58 +00:00
debugger [liveedit] migrate compare strings tests to native 2018-06-20 14:54:06 +00:00
fuzzer [TurboFan] Return MaybeHandle from TurboFan compiler 2018-06-19 09:33:18 +00:00
inspector Revert "[async] Optimize await and AsyncFromSyncIterator" 2018-06-19 20:22:20 +00:00
intl Add regression tests for Intl.Locale constructor. 2018-06-13 21:56:26 +00:00
js-perf-test [jstests] Change sorting benchmarks to run setup for each iteration 2018-06-19 09:40:39 +00:00
memory Reland "[tools] Add benchmark owners to the config" 2018-05-16 13:53:49 +00:00
message Reland "[array] Implement Array.p.sort in Torque" 2018-06-05 08:33:18 +00:00
mjsunit [array] Change Array.p.sort bailout behavior from fast- to slow-path 2018-06-20 15:38:18 +00:00
mkgrokdump [cleanup] Add a name() helper to Space in heap 2018-06-20 13:55:02 +00:00
mozilla [test] Reverse sense of wasm_traps variant 2018-05-08 17:49:14 +00:00
preparser Reland "[build] Remove legacy isolate configurations" 2018-03-28 12:36:55 +00:00
test262 Reland "[builtins] set DataView.length to 1" 2018-06-12 21:54:47 +00:00
torque [torque] Fix multi-line AssertStatements 2018-06-13 14:01:59 +00:00
unittests [arm] [arm64] Match LoadStackPointer with comparison. 2018-06-20 14:24:14 +00:00
wasm-spec-tests [wasm] "fix" critical memory pressure notification 2018-06-13 13:52:19 +00:00
webkit [test] Skip slow tests 2018-05-23 14:14:34 +00:00
BUILD.gn Reland "[build] Remove legacy isolate configurations" 2018-03-28 12:36:55 +00:00