dd7962bf78
Previously, the serialization code would call Externalize for every transferred ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If the buffer is already externalized, we should call GetContents instead. Also fix use-after-free bug when transferring ArrayBuffers. The transferred ArrayBuffer must be internalized in the new isolate, or be managed by the Shell. The current code gives it to the isolate externalized and frees it immediately afterward when the SerializationData object is destroyed. BUG=chromium:497295 R=jarin@chromium.org LOG=n Review URL: https://codereview.chromium.org/1215233004 Cr-Commit-Position: refs/heads/master@{#29499} |
||
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mozilla | ||
| preparser | ||
| promises-aplus | ||
| simdjs | ||
| test262 | ||
| test262-es6 | ||
| unittests | ||
| webkit | ||