1. 14 Dec, 2016 1 commit
      [heap] Initialize the owner on each page after lospace allocation · bbf3c697
      jgruber authored
      The two lowest bits of the owner field of a Page are used to determine
      whether the Page is part of a large object. If these bits are not equal
      to 0x11, the page is part of a large object and needs special handling,
      e.g. in MemoryChunk::FromAnyPointerAddress, to determine which chunk it
      belongs to.
      
      This CL fixes an issue in which the store buffer overflows after
      a large object space allocation but before the object has been fully
      initialized. Store buffer overflow handling attempts to look up the
      chunk of a page, but fails to do so correctly since the page's owner
      field has not yet been initialized.
      
      This CL ensures that the owner field of all pages belonging to a large
      object allocation is initialized to a value that is interpreted
      correctly.
      
      BUG=chromium:672041
      
      Committed: https://crrev.com/9b6808bfb5366beebe3af30a06f9851edb2039d4
      Review-Url: https://codereview.chromium.org/2565713002
      Cr-Original-Commit-Position: refs/heads/master@{#41641}
      Cr-Commit-Position: refs/heads/master@{#41687}
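As an added illustration (model code written for this page, not V8's implementation), the C++ below sketches the mechanism the commit message describes: a chunk is trusted as a page header only when its owner word carries the tag in its two low bits (both bits set, 0x3 in this model), and otherwise the lookup falls back to the large object space. The page size, the `Space`/`MemoryChunk` layout, `FindPage`, `AllocateRaw` and the 0xFF fill that stands in for stale memory are all assumptions of the model. It reproduces the failure mode: when the pages after the first of a freshly allocated large object are left with stale owner words that happen to carry the tag, a pointer into one of those pages resolves to the wrong chunk; initializing those words to a value that does not read as a page header, which is what the commit message says the fix does, makes the lookup fall through to the large object space.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <vector>

// Assumed constants for this model (V8's real values and layout differ).
constexpr size_t kPageSize = 4096;
constexpr uintptr_t kPageHeaderTagMask = 0x3;
constexpr uintptr_t kPageHeaderTag = 0x3;  // both low bits set => "this chunk has a page header"

struct Space {
  const char* name = "space";
};

// Header at the start of every page-aligned region.
struct MemoryChunk {
  uintptr_t owner_;  // Space* plus kPageHeaderTag in the low two bits, or untagged
  size_t size_;      // bytes covered by this chunk; a large object spans several pages

  static MemoryChunk* FromAddress(uintptr_t addr) {
    return reinterpret_cast<MemoryChunk*>(addr & ~static_cast<uintptr_t>(kPageSize - 1));
  }
  uintptr_t address() const { return reinterpret_cast<uintptr_t>(this); }
  // A chunk is only a real page header if its owner word carries the tag.
  bool HasPageHeader() const { return (owner_ & kPageHeaderTagMask) == kPageHeaderTag; }
  void set_owner(Space* s) { owner_ = reinterpret_cast<uintptr_t>(s) + kPageHeaderTag; }
};

// Large object space with a registry, so pages inside a large object can be resolved.
struct LargeObjectSpace : Space {
  std::vector<MemoryChunk*> chunks;

  MemoryChunk* FindPage(uintptr_t addr) const {
    for (MemoryChunk* c : chunks) {
      if (addr >= c->address() && addr < c->address() + c->size_) return c;
    }
    return nullptr;
  }

  // Allocate a large object covering `pages` pages. `init_inner_pages == false`
  // models the pre-fix behaviour: only the first page's header is written.
  MemoryChunk* AllocateRaw(size_t pages, bool init_inner_pages) {
    size_t bytes = pages * kPageSize;
    void* mem = std::aligned_alloc(kPageSize, bytes);
    // Constructed "stale" memory: 0xFF bytes make every owner word look tagged
    // (low two bits 11), which is what a stale or uninitialized word can do.
    std::memset(mem, 0xFF, bytes);
    MemoryChunk* chunk = static_cast<MemoryChunk*>(mem);
    chunk->size_ = bytes;
    chunk->set_owner(this);
    if (init_inner_pages) {
      // Clear the owner word of every following page so it does NOT carry the
      // tag; lookups then fall through to FindPage instead of trusting garbage.
      for (uintptr_t cur = chunk->address() + kPageSize; cur < chunk->address() + bytes;
           cur += kPageSize) {
        MemoryChunk::FromAddress(cur)->owner_ = 0;
      }
    }
    chunks.push_back(chunk);
    return chunk;
  }
};

// Resolve an arbitrary heap address to its chunk: trust the page header only
// if the owner word carries the tag, otherwise ask the large object space.
MemoryChunk* FromAnyPointerAddress(const LargeObjectSpace& lo, uintptr_t addr) {
  MemoryChunk* chunk = MemoryChunk::FromAddress(addr);
  if (!chunk->HasPageHeader()) chunk = lo.FindPage(addr);
  return chunk;
}

// Returns true when a pointer into the third page of a three-page large object
// resolves to the chunk that owns it.
bool ResolvesInteriorPointer(bool init_inner_pages) {
  LargeObjectSpace lo;
  lo.name = "lo_space";
  MemoryChunk* big = lo.AllocateRaw(3, init_inner_pages);
  uintptr_t interior = big->address() + 2 * kPageSize + 64;
  bool ok = (FromAnyPointerAddress(lo, interior) == big);
  std::free(big);
  return ok;
}

int main() {
  std::printf("without inner-page init: %s\n",
              ResolvesInteriorPointer(false) ? "correct chunk" : "wrong chunk");
  std::printf("with inner-page init:    %s\n",
              ResolvesInteriorPointer(true) ? "correct chunk" : "wrong chunk");
  return 0;
}
```

The model compresses the race the commit message describes into one call: in the real heap the window is the time between the large object allocation and the object's full initialization, during which a store buffer overflow can trigger the chunk lookup on an address inside the not-yet-initialized pages.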
  2. 06 Dec, 2016 1 commit