    cppgc: shared-cage: Fix UaF when lsan is enabled · a1da1458
    Anton Bikineev authored
    Before this CL, the caged heap was lazily initialized upon the first
    call of HeapBase ctor. CagedHeap keeps a pointer to PageAllocator which
    was provided from cppgc::Platform through the HeapBase ctor. This was
    not generally safe: the platform is not enforced to be a singleton. If it
    happens to die first, then CagedHeap will have a stale pointer. The CL
    fixes it simply by moving caged-heap initialization to
    cppgc::InitializeProcess(), which already requires a constantly living
    PageAllocator.
    
    Bug: chromium:1338030
    Change-Id: Ifb70a2db233ef36a99c919db09bed9ff9f3708ac
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732107
    Commit-Queue: Anton Bikineev <bikineev@chromium.org>
    Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#81422}
heap-base.cc 10.1 KB
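The lifetime hazard the commit message describes, as an added, constructed C++ model that is not code from V8, cppgc or this commit: a process-global object lazily caches a raw pointer to an allocator owned by a non-singleton platform, so the pointer dangles once that platform is destroyed; moving initialisation to a process-level entry point that is handed a process-lifetime allocator removes the hazard. All names here (`Platform`, `PageAllocator`, `CagedHeap`, `HeapBase_Before`, `HeapBase_After`, `InitializeProcess`, `LiveAllocators`) are hypothetical stand-ins modelled on the names in the message, not the real cppgc API. A liveness registry is used so the stale pointer can be observed without dereferencing freed memory.

```cpp
#include <cstddef>
#include <set>

// Hypothetical liveness registry: stands in for what LSan/ASan would observe.
// Deliberately leaked so static destruction order cannot invalidate it.
static std::set<const void*>& LiveAllocators() {
  static auto* live = new std::set<const void*>();
  return *live;
}

// Hypothetical page allocator; registers itself while alive.
class PageAllocator {
 public:
  PageAllocator() { LiveAllocators().insert(this); }
  ~PageAllocator() { LiveAllocators().erase(this); }
  void* AllocatePages(size_t size) { return ::operator new(size); }
  void FreePages(void* p) { ::operator delete(p); }
};

// Hypothetical platform owning the allocator. In the buggy scenario nothing
// forces it to be a singleton, so it may die before the process-global heap.
class Platform {
 public:
  PageAllocator* GetPageAllocator() { return &allocator_; }
 private:
  PageAllocator allocator_;
};

// Process-global that caches a raw PageAllocator pointer (hypothetical model).
class CagedHeap {
 public:
  static CagedHeap& Instance() { static CagedHeap instance; return instance; }
  void Init(PageAllocator* allocator) { if (!allocator_) allocator_ = allocator; }
  void Reset() { allocator_ = nullptr; }  // helper so the model can be re-run
  bool HasStaleAllocator() const {
    return allocator_ != nullptr && LiveAllocators().count(allocator_) == 0;
  }
 private:
  PageAllocator* allocator_ = nullptr;
};

// BEFORE: the heap constructor lazily initialises the caged heap from
// whatever platform it happens to be given.
class HeapBase_Before {
 public:
  explicit HeapBase_Before(Platform* platform) {
    CagedHeap::Instance().Init(platform->GetPageAllocator());
  }
};

// Returns true when the cached allocator pointer dangles after the platform
// that owned it has been destroyed (the use-after-free hazard).
bool LazyInitLeavesDanglingPointer() {
  CagedHeap::Instance().Reset();
  {
    Platform short_lived;                // destroyed at end of scope
    HeapBase_Before heap(&short_lived);  // caged heap now points into short_lived
    (void)heap;
  }
  return CagedHeap::Instance().HasStaleAllocator();  // true
}

// AFTER: initialisation moved to a process-level entry point whose caller is
// required to pass an allocator that outlives every heap.
void InitializeProcess(PageAllocator* process_allocator) {
  CagedHeap::Instance().Init(process_allocator);
}

class HeapBase_After {
 public:
  explicit HeapBase_After(Platform*) {
    // No lazy caged-heap initialisation here; it has already happened.
  }
};

// Returns false: the cached pointer refers to a process-lifetime allocator,
// so destroying a short-lived platform no longer leaves it stale.
bool ProcessInitKeepsAllocatorAlive() {
  CagedHeap::Instance().Reset();
  static PageAllocator process_allocator;  // lives for the whole process
  InitializeProcess(&process_allocator);
  {
    Platform short_lived;
    HeapBase_After heap(&short_lived);
    (void)heap;
  }
  return CagedHeap::Instance().HasStaleAllocator();  // false
}
```

The registry check is the model's substitute for a sanitizer report: in the real code the stale pointer is only noticed when something dereferences it, which is why the bug surfaced under LSan. The structural fix is the same in both: tie the cached pointer's initialisation to an object whose lifetime is at least as long as the global that caches it.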