Commit 3871bc84 authored by Clemens Backes's avatar Clemens Backes Committed by V8 LUCI CQ

Fix unaligned access in Relaxed_Memcpy

The old code was relying on identical alignment of both the source and
the destination of the Relaxed_Memcpy. This is not always given, thus
check for alignment of both.

R=mlippautz@chromium.org

Bug: chromium:1208782, v8:11704
Change-Id: Ic5dca3a5f0ecaea0df6eb123105520bd7785853c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905611Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74694}
parent 5181aa6e
...@@ -303,8 +303,8 @@ inline void Relaxed_Memcpy(volatile Atomic8* dst, volatile const Atomic8* src, ...@@ -303,8 +303,8 @@ inline void Relaxed_Memcpy(volatile Atomic8* dst, volatile const Atomic8* src,
Relaxed_Store(dst++, Relaxed_Load(src++)); Relaxed_Store(dst++, Relaxed_Load(src++));
--bytes; --bytes;
} }
if (IsAligned(reinterpret_cast<uintptr_t>(src), kAtomicWordSize)) { if (IsAligned(reinterpret_cast<uintptr_t>(src), kAtomicWordSize) &&
DCHECK(IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize)); IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize)) {
while (bytes >= kAtomicWordSize) { while (bytes >= kAtomicWordSize) {
Relaxed_Store( Relaxed_Store(
reinterpret_cast<volatile AtomicWord*>(dst), reinterpret_cast<volatile AtomicWord*>(dst),
......
// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
var arr = new Int8Array(new SharedArrayBuffer(16), 13);
new Uint8Array(arr);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment