• Benedikt Meurer's avatar
    [turbofan] Remove unsound SeqString types. · 36426ab7
    Benedikt Meurer authored
    A value of type OtherSeqString can change its type to OtherNonSeqString
    via inplace internalization (and redirection via a ThinString). This can
    lead to out of bounds memory accesses and generally correctness bugs, as
    seen with crbug.com/822284.
    
    This change might affect performance in some cases, and we'll need to
    evaluate whether it's worth spending cycles on adding another mechanism
    that leverages the sequential string information in a safe way on a case
    by case basis.
    
    Bug: chromium:822284
    Change-Id: I0de77ec089a774236555f38c365f7548f454edfe
    Reviewed-on: https://chromium-review.googlesource.com/966021Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
    Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#51975}
    36426ab7
types.h 22.5 KB