Bugfix - a DCHECK could allocate, invalidating a raw pointer.

HasOrigin() can allocate. Make sure to wrap vulnerable raw pointers in handles. BUG= Review-Url: https://codereview.chromium.org/2788663002 Cr-Commit-Position: refs/heads/master@{#44271}

Bugfix - a DCHECK could allocate, invalidating a raw pointer.
HasOrigin() can allocate. Make sure to wrap vulnerable raw pointers in handles. BUG= Review-Url: https://codereview.chromium.org/2788663002 Cr-Commit-Position: refs/heads/master@{#44271}
5bc286e5 · mvstanton · Commit bot · 95120a7e · 5bc286e5
Commit 5bc286e5 authored Mar 30, 2017 by mvstanton Committed by Commit bot Mar 30, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

compilation-cache.cc src/compilation-cache.cc +10 -2

No files found.
--- a/src/compilation-cache.cc
+++ b/src/compilation-cache.cc
@@ -170,11 +170,19 @@ InfoVectorPair CompilationCacheScript::Lookup(
  // to see if we actually found a cached script. If so, we return a
  // handle created in the caller's handle scope.
  if (result.has_shared()) {
+#ifdef DEBUG
+    // Since HasOrigin can allocate, we need to protect the SharedFunctionInfo
+    // and the FeedbackVector with handles during the call.
    Handle<SharedFunctionInfo> shared(result.shared(), isolate());
-    // TODO(mvstanton): Make sure HasOrigin can't allocate, or it will
+    Handle<Cell> vector_handle;
-    // mess up our InfoVectorPair.
+    if (result.has_vector()) {
+      vector_handle = Handle<Cell>(result.vector(), isolate());
+    }
    DCHECK(
        HasOrigin(shared, name, line_offset, column_offset, resource_options));
+    result =
+        InfoVectorPair(*shared, result.has_vector() ? *vector_handle : nullptr);
+#endif
    isolate()->counters()->compilation_cache_hits()->Increment();
  } else {
    isolate()->counters()->compilation_cache_misses()->Increment();