[heap] Fix cast in FixStaleLeftTrimmedHandlesVisitor

Casting to HeapObject before checking whether the object actually is a HeapObject is undefined behavior. Bug: chromium:738743 Change-Id: I7be8dfbc18203c6be008af73549a915f9b6bd3de Reviewed-on: https://chromium-review.googlesource.com/680768Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#48128}

[heap] Fix cast in FixStaleLeftTrimmedHandlesVisitor
Casting to HeapObject before checking whether the object actually is a HeapObject is undefined behavior. Bug: chromium:738743 Change-Id: I7be8dfbc18203c6be008af73549a915f9b6bd3de Reviewed-on: https://chromium-review.googlesource.com/680768Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#48128}
7c7c493c · Michael Lippautz · Commit Bot · 0dffd972 · 7c7c493c
Commit 7c7c493c authored Sep 25, 2017 by Michael Lippautz Committed by Commit Bot Sep 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

heap.cc src/heap/heap.cc +1 -1

No files found.
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -4808,8 +4808,8 @@ class FixStaleLeftTrimmedHandlesVisitor : public RootVisitor {

 private:
  inline void FixHandle(Object** p) {
+    if (!(*p)->IsHeapObject()) return;
    HeapObject* current = reinterpret_cast<HeapObject*>(*p);
-    if (!current->IsHeapObject()) return;
    const MapWord map_word = current->map_word();
    if (!map_word.IsForwardingAddress() && current->IsFiller()) {
 #ifdef DEBUG