cppgc: Unpoison live object before compaction

The object may have been poisoned again between marking and compaction through executing pre-finalizers or custom weakness handling of related objects. Bug: chromium:1220666, chromium:1056170 Change-Id: Ibba4b42852a2921640d6f3ded473521febb2114f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966386Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75189}

cppgc: Unpoison live object before compaction
The object may have been poisoned again between marking and compaction through executing pre-finalizers or custom weakness handling of related objects. Bug: chromium:1220666, chromium:1056170 Change-Id: Ibba4b42852a2921640d6f3ded473521febb2114f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966386Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75189}
6169cbf5 · Michael Lippautz · V8 LUCI CQ · df912633 · 6169cbf5
Commit 6169cbf5 authored Jun 16, 2021 by Michael Lippautz Committed by V8 LUCI CQ Jun 16, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

compactor.cc src/heap/cppgc/compactor.cc +3 -0

No files found.
--- a/src/heap/cppgc/compactor.cc
+++ b/src/heap/cppgc/compactor.cc
@@ -362,6 +362,9 @@ void CompactPage(NormalPage* page, CompactionState& compaction_state) {
 #if !defined(CPPGC_YOUNG_GENERATION)
    header->Unmark();
 #endif
+    // Potentially unpoison the live object as well as it is the source of
+    // the copy.
+    ASAN_UNPOISON_MEMORY_REGION(header->ObjectStart(), header->ObjectSize());
    compaction_state.RelocateObject(page, header_address, size);
    header_address += size;
  }