[sandbox] Remove a number of native allocations from WasmInstanceObject
Those are not safe in combination with the sandbox as they are stored as raw pointers. Instead of turning them into ExternalPointers (which use the ExternalPointerTable indirection), this CL simply turns them into on-heap ByteArrays which is cheaper and should be unproblematic security-wise as their contents can be corrupted without causing memory corruption outside the sandbox address space (just incorrect behaviour and/or further memory corruption *inside* the sandbox, which is fine).

Bug: chromium:1335046
Change-Id: Id2b901a58b7d6c91dd7596fca553d7c76cbc61ec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845636
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82765}