Fix length() access in ScopeInfo::RecreateWithBlockList().

Trivial follow up fix for https://crrev.com/c/1946349 which fixes the call to length on a half-initialized ScopeInfo. ScopeInfo::length() looks at the uninitialized fields (i.e. in case of ScopeInfo for module scopes) and would thus crash. Bug: chromium:1027475, v8:9938, chromium:1072939 Change-Id: I7e4e81edfbbde25063ab40b8e7807fd70625a8a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910773 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#74703}

Fix length() access in ScopeInfo::RecreateWithBlockList().
Trivial follow up fix for https://crrev.com/c/1946349 which fixes the call to length on a half-initialized ScopeInfo. ScopeInfo::length() looks at the uninitialized fields (i.e. in case of ScopeInfo for module scopes) and would thus crash. Bug: chromium:1027475, v8:9938, chromium:1072939 Change-Id: I7e4e81edfbbde25063ab40b8e7807fd70625a8a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910773 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#74703}
9f2df663 · Benedikt Meurer · V8 LUCI CQ · 8a7db67d · 9f2df663
Commit 9f2df663 authored May 21, 2021 by Benedikt Meurer Committed by V8 LUCI CQ May 21, 2021
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 7 deletions

scope-info.cc src/objects/scope-info.cc +6 -7

No files found.
--- a/src/objects/scope-info.cc
+++ b/src/objects/scope-info.cc
@@ -626,8 +626,8 @@ Handle<ScopeInfo> ScopeInfo::RecreateWithBlockList(
  DCHECK(!original.is_null());
  if (original->HasLocalsBlockList()) return original;
-  Handle<ScopeInfo> scope_info =
+  int length = original->length() + 1;
-      isolate->factory()->NewScopeInfo(original->length() + 1);
+  Handle<ScopeInfo> scope_info = isolate->factory()->NewScopeInfo(length);
  // Copy the static part first and update the flags to include the
  // blocklist field, so {LocalsBlockListIndex} returns the correct value.
@@ -645,10 +645,9 @@ Handle<ScopeInfo> ScopeInfo::RecreateWithBlockList(
      scope_info->LocalsBlockListIndex() - kVariablePartIndex,
      WriteBarrierMode::UPDATE_WRITE_BARRIER);
  scope_info->set_locals_block_list(*blocklist);
-  scope_info->CopyElements(
+  scope_info->CopyElements(isolate, scope_info->LocalsBlockListIndex() + 1,
-      isolate, scope_info->LocalsBlockListIndex() + 1, *original,
+                           *original, scope_info->LocalsBlockListIndex(),
-      scope_info->LocalsBlockListIndex(),
+                           length - scope_info->LocalsBlockListIndex() - 1,
-      scope_info->length() - scope_info->LocalsBlockListIndex() - 1,
                           WriteBarrierMode::UPDATE_WRITE_BARRIER);
  return scope_info;
 }