cppgc: young-gen: Filter out SMIs when visiting traced nodes

Traced nodes can contain SMIs, e.g. when base::ScriptValue is constructed. The CL filters them out when visiting V8->C++ references, as otherwise it crashes later assuming HeapObject. Bug: chromium:1029379 Change-Id: Idaafc92d4dc1bd14c7d1a07e2177202a8af336a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555769Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#79719}

cppgc: young-gen: Filter out SMIs when visiting traced nodes
Traced nodes can contain SMIs, e.g. when base::ScriptValue is constructed. The CL filters them out when visiting V8->C++ references, as otherwise it crashes later assuming HeapObject. Bug: chromium:1029379 Change-Id: Idaafc92d4dc1bd14c7d1a07e2177202a8af336a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555769Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#79719}
e4ac08c5 · Anton Bikineev · V8 LUCI CQ · e70ccb2f · e4ac08c5
Commit e4ac08c5 authored Mar 28, 2022 by Anton Bikineev Committed by V8 LUCI CQ Apr 01, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

cpp-heap.cc src/heap/cppgc-js/cpp-heap.cc +3 -1

No files found.
--- a/src/heap/cppgc-js/cpp-heap.cc
+++ b/src/heap/cppgc-js/cpp-heap.cc
@@ -75,7 +75,9 @@ class V8ToCppGCReferencesVisitor final

    const internal::JSObject js_object =
        *reinterpret_cast<const internal::JSObject* const&>(value);
-    if (!js_object.ptr() || !js_object.MayHaveEmbedderFields()) return;
+    if (!js_object.ptr() || js_object.IsSmi() ||
+        !js_object.MayHaveEmbedderFields())
+      return;

    internal::LocalEmbedderHeapTracer::WrapperInfo info;
    if (!internal::LocalEmbedderHeapTracer::ExtractWrappableInfo(