src/builtins/builtins-constructor-gen.cc · 924ab19bcc7fe71b1c141410609580014a194525 · Linshizhi / V8

[ptr-compr] Fix literal field copy iteration size · 61a3f827

Leszek Swirski authored Jul 25, 2019

When iterating over fields to copy, we should copy kTagged-sized fields,
not kPointer-sized fields, to avoid overwriting something allocated after
the last slot of an object if the end of the object isn't kPointer
aligned.

Bug: v8:8948
Change-Id: Ic3d933157ca1962a779dba6ae58facb558d75ca0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718151
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62912}

61a3f827

builtins-constructor-gen.cc 30.4 KB

Replace builtins-constructor-gen.cc