1. 19 Jun, 2020 1 commit
    • Reland "cppgc: Properly clear (Weak)Persistent and WeakMember pointers" · 8bdce527
      Michael Lippautz authored
      This is a reland of e0c1a349
      
      The issue was passing SentinelPointer (== +1) through T*.
      
      The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
      (Get()). This means that nullptr is treated the same as
      kSentinelPointer.
      
      The alternative would be a DCHECK that Get() does not return
      kSentinelPointer and adjusting all Member and Persistent logic that
      uses Get() to work on void*. This is quite intrusive as it involves
      Swap(), heterogeneous assignments, comparisons, etc.
      
      Original change's description:
      > cppgc: Properly clear (Weak)Persistent and WeakMember pointers
      >
      > The CL addresses two issues with (Weak)Persistent and WeakMember:
      > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
      >    CL the pointers would contain stale values which could lead to UAF.
      > 2. WeakPersistent and WeakMember are cleared using a combination of
      >    internal clearing methods and mutable fields which avoids the use
      >    of const_cast<>.
      >
      > Bug: chromium:1056170
      > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
      > Reviewed-by: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#68394}
      
      Bug: chromium:1056170
      Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68426}
  2. 17 Jun, 2020 2 commits
  3. 27 Apr, 2020 3 commits
  4. 21 Apr, 2020 1 commit
  5. 15 Apr, 2020 1 commit