[objects] Clarify 32-bit offsets in 64-bit fields

These fields relied on the assumption that 64-bit big-endian architectures had sizeof(int) == 4. Any architecture violating this assumption would result in an OOB access. Bug: Change-Id: I682ecb6a2da2cf84e8b24f1c1e608d7fc23f5bdc Reviewed-on: https://chromium-review.googlesource.com/793431Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49673}

[objects] Clarify 32-bit offsets in 64-bit fields
These fields relied on the assumption that 64-bit big-endian architectures had sizeof(int) == 4. Any architecture violating this assumption would result in an OOB access. Bug: Change-Id: I682ecb6a2da2cf84e8b24f1c1e608d7fc23f5bdc Reviewed-on: https://chromium-review.googlesource.com/793431Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49673}
5d3824e2 · jgruber · Commit Bot · ffda54fb · 5d3824e2 · 5d3824e2
Commit 5d3824e2 authored Nov 28, 2017 by jgruber Committed by Commit Bot Nov 28, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

js-array.h src/objects/js-array.h +1 -1

name-inl.h src/objects/name-inl.h +1 -1

name.h src/objects/name.h +1 -1

No files found.
--- a/src/objects/js-array.h
+++ b/src/objects/js-array.h
@@ -225,7 +225,7 @@ class JSArrayBuffer : public JSObject {
 #if V8_TARGET_LITTLE_ENDIAN || !V8_HOST_ARCH_64_BIT
  static const int kBitFieldOffset = kBitFieldSlot;
 #else
-  static const int kBitFieldOffset = kBitFieldSlot + kIntSize;
+  static const int kBitFieldOffset = kBitFieldSlot + kInt32Size;
 #endif
  static const int kSize = kBitFieldSlot + kPointerSize;


--- a/src/objects/name-inl.h
+++ b/src/objects/name-inl.h
@@ -41,7 +41,7 @@ void Name::set_hash_field(uint32_t value) {
  WRITE_UINT32_FIELD(this, kHashFieldOffset, value);
 #if V8_HOST_ARCH_64_BIT
 #if V8_TARGET_LITTLE_ENDIAN
-  WRITE_UINT32_FIELD(this, kHashFieldSlot + kIntSize, 0);
+  WRITE_UINT32_FIELD(this, kHashFieldSlot + kInt32Size, 0);
 #else
  WRITE_UINT32_FIELD(this, kHashFieldSlot, 0);
 #endif

--- a/src/objects/name.h
+++ b/src/objects/name.h
@@ -65,7 +65,7 @@ class Name : public HeapObject {
 #if V8_TARGET_LITTLE_ENDIAN || !V8_HOST_ARCH_64_BIT
  static const int kHashFieldOffset = kHashFieldSlot;
 #else
-  static const int kHashFieldOffset = kHashFieldSlot + kIntSize;
+  static const int kHashFieldOffset = kHashFieldSlot + kInt32Size;
 #endif
  static const int kSize = kHashFieldSlot + kPointerSize;