Commit 63a40cae authored by jkummerow's avatar jkummerow Committed by Commit bot

Make Isolate::AddDetachedContext GC safe

CopyFixedArrayAndGrow can trigger GC, which can clean up
previous detached contexts, so storing the length of the
FixedArray across the allocation is unsafe.

BUG=v8:6282

Review-Url: https://codereview.chromium.org/2857633002
Cr-Commit-Position: refs/heads/master@{#45038}
parent 5a766b44
...@@ -3509,6 +3509,7 @@ void Isolate::RunMicrotasksInternal() { ...@@ -3509,6 +3509,7 @@ void Isolate::RunMicrotasksInternal() {
while (pending_microtask_count() > 0) { while (pending_microtask_count() > 0) {
HandleScope scope(this); HandleScope scope(this);
int num_tasks = pending_microtask_count(); int num_tasks = pending_microtask_count();
// Do not use factory()->microtask_queue() here; we need a fresh handle!
Handle<FixedArray> queue(heap()->microtask_queue(), this); Handle<FixedArray> queue(heap()->microtask_queue(), this);
DCHECK(num_tasks <= queue->length()); DCHECK(num_tasks <= queue->length());
set_pending_microtask_count(0); set_pending_microtask_count(0);
...@@ -3652,11 +3653,11 @@ void Isolate::SetTailCallEliminationEnabled(bool enabled) { ...@@ -3652,11 +3653,11 @@ void Isolate::SetTailCallEliminationEnabled(bool enabled) {
void Isolate::AddDetachedContext(Handle<Context> context) { void Isolate::AddDetachedContext(Handle<Context> context) {
HandleScope scope(this); HandleScope scope(this);
Handle<WeakCell> cell = factory()->NewWeakCell(context); Handle<WeakCell> cell = factory()->NewWeakCell(context);
Handle<FixedArray> detached_contexts = factory()->detached_contexts(); Handle<FixedArray> detached_contexts =
int length = detached_contexts->length(); factory()->CopyFixedArrayAndGrow(factory()->detached_contexts(), 2);
detached_contexts = factory()->CopyFixedArrayAndGrow(detached_contexts, 2); int new_length = detached_contexts->length();
detached_contexts->set(length, Smi::kZero); detached_contexts->set(new_length - 2, Smi::kZero);
detached_contexts->set(length + 1, *cell); detached_contexts->set(new_length - 1, *cell);
heap()->set_detached_contexts(*detached_contexts); heap()->set_detached_contexts(*detached_contexts);
} }
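Review bot: The reordering in AddDetachedContext is the entire fix, yet nothing in the new code says why the length must be taken from the grown copy rather than from detached_contexts before the call, so a later tidy-up could reintroduce the stale-length write. Suggest a comment above the `Handle<FixedArray> detached_contexts =` line: `// CopyFixedArrayAndGrow can GC, and GC may shrink the existing detached_contexts array; only the length of the freshly grown copy is trustworthy.` The fix also appears to rely on the GC cleanup shrinking the array the handle already refers to rather than installing a new one (inferred from the description, not visible here); if that ever changes, the copy taken here would overwrite the GC's result, which is worth stating in the same comment. A cheap `DCHECK_GE(new_length, 2);` before the two `set` calls would document that the grow-by-2 is assumed by the index arithmetic.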