Commit fad99f5e authored by Dan Elphick, committed by Commit Bot

[objects] Disallow externalizing RO_SPACE 2-byte strings

This was already the case for 1-byte strings. This prevents crashes when
attempting to externalize such strings.

Bug: chromium:842078, v8:7464
Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508
Reviewed-on: https://chromium-review.googlesource.com/1054290
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53124}
parent fc663faa
...@@ -2601,6 +2601,7 @@ bool String::MakeExternal(v8::String::ExternalStringResource* resource) { ...@@ -2601,6 +2601,7 @@ bool String::MakeExternal(v8::String::ExternalStringResource* resource) {
// Abort if size does not allow in-place conversion. // Abort if size does not allow in-place conversion.
if (size < ExternalString::kShortSize) return false; if (size < ExternalString::kShortSize) return false;
Heap* heap = GetHeap(); Heap* heap = GetHeap();
if (heap->read_only_space()->Contains(this)) return false;
bool is_one_byte = this->IsOneByteRepresentation(); bool is_one_byte = this->IsOneByteRepresentation();
bool is_internalized = this->IsInternalizedString(); bool is_internalized = this->IsInternalizedString();
bool has_pointers = StringShape(this).IsIndirect(); bool has_pointers = StringShape(this).IsIndirect();
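
Review bot: the new early return `if (heap->read_only_space()->Contains(this)) return false;` carries no comment, while the size check directly above it does (`// Abort if size does not allow in-place conversion.`). Please add a one-line comment with the reason given in the new test file, that externalizing would require the string's map to be writable, so the rationale sits next to the check. It is also worth confirming that every caller of `MakeExternal` handles a `false` return for these strings, since the commit message describes the previous behaviour as a crash.
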
......
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-externalize-string
// Attempt to externalize a string that's in RO_SPACE, which is not allowed as
// the string's map would need to be writable.
assertThrows(() => {
externalizeString("1", false)
});
assertThrows(() => {
externalizeString("1", true)
});
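
Review bot: the two `assertThrows` blocks differ only in the boolean passed to `externalizeString`, and nothing says which call covers the 1-byte case and which the 2-byte case named in the commit message; a short comment on each call would tie the test to the fix. `assertThrows` also passes on any exception, and the hunk above shows an earlier `return false` on the size check, so the test does not establish that the rejection came from the read-only-space check; the header comment assumes `"1"` lives in RO_SPACE without verifying it. Minor style point: the `externalizeString(...)` statements are missing their trailing semicolons.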