[wasm] Clear owned_memory list of native modules after freeing

The call to isolate_->AdjustAmountOfExternalAllocatedMemory in WasmCodeManager::FreeNativeModuleMemories can cause a GC, which can indirectly call WasmCodeManager::FreeNativeModuleMemories again. It seems that this recursive call can cause memory to be deallocated twice. With this CL we clear the list of owned_memory after all entries were deallocated so that we cannot deallocate them again. I think this CL fixes a crash we saw on ChromeCrash. I don't know how to reproduce the issue though, or how to write a test for it. R=mstarzinger@chromium.org Bug: chromium:812532 Change-Id: I3b66274f9b72919952a4211e984192c0867a6c22 Reviewed-on: https://chromium-review.googlesource.com/921226Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51312}

[wasm] Clear owned_memory list of native modules after freeing
The call to isolate_->AdjustAmountOfExternalAllocatedMemory in WasmCodeManager::FreeNativeModuleMemories can cause a GC, which can indirectly call WasmCodeManager::FreeNativeModuleMemories again. It seems that this recursive call can cause memory to be deallocated twice. With this CL we clear the list of owned_memory after all entries were deallocated so that we cannot deallocate them again. I think this CL fixes a crash we saw on ChromeCrash. I don't know how to reproduce the issue though, or how to write a test for it. R=mstarzinger@chromium.org Bug: chromium:812532 Change-Id: I3b66274f9b72919952a4211e984192c0867a6c22 Reviewed-on: https://chromium-review.googlesource.com/921226Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51312}
9bd1e7d3 · Andreas Haas · Commit Bot · a50bc8ac · 9bd1e7d3
Commit 9bd1e7d3 authored Feb 15, 2018 by Andreas Haas Committed by Commit Bot Feb 15, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

wasm-code-manager.cc src/wasm/wasm-code-manager.cc +2 -0

No files found.
--- a/src/wasm/wasm-code-manager.cc
+++ b/src/wasm/wasm-code-manager.cc
@@ -957,6 +957,8 @@ void WasmCodeManager::FreeNativeModuleMemories(NativeModule* native_module) {
    Free(&vmem);
    DCHECK(!vmem.IsReserved());
  }
+  native_module->owned_memory_.clear();
+
  // No need to tell the GC anything if we're destroying the heap,
  // which we currently indicate by having the isolate_ as null
  if (isolate_ == nullptr) return;