src/snapshot · 384e764a78a94f85641bf71c359dddf7a1c2351e · Linshizhi / V8

[sandbox] Fix two deserializer issues when sandbox is enabled · 9d3a645b

Samuel Groß authored Jun 21, 2022

When the sandbox is enabled, an empty ArrayBuffer does not have a
nullptr backing store but instead points to a special EmptyBackingStore
pseudo-object inside the sandbox. This then requires special handling
during deserialization. This CL fixes two cases where this was not done
correctly, which caused some crashes when --stress-snapshot is active.

Bug: v8:10391
Change-Id: I412adace229b979b317864a3e8c12ed4c601b850
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716480Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81297}

9d3a645b

Name	Last commit	Last update
..
embedded		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...
code-serializer.cc		Loading commit data...
code-serializer.h		Loading commit data...
context-deserializer.cc		Loading commit data...
context-deserializer.h		Loading commit data...
context-serializer.cc		Loading commit data...
context-serializer.h		Loading commit data...
deserializer.cc		Loading commit data...
deserializer.h		Loading commit data...
mksnapshot.cc		Loading commit data...
object-deserializer.cc		Loading commit data...
object-deserializer.h		Loading commit data...
read-only-deserializer.cc		Loading commit data...
read-only-deserializer.h		Loading commit data...
read-only-serializer.cc		Loading commit data...
read-only-serializer.h		Loading commit data...
references.h		Loading commit data...
roots-serializer.cc		Loading commit data...
roots-serializer.h		Loading commit data...
serializer-deserializer.cc		Loading commit data...
serializer-deserializer.h		Loading commit data...
serializer-inl.h		Loading commit data...
serializer.cc		Loading commit data...
serializer.h		Loading commit data...
shared-heap-deserializer.cc		Loading commit data...
shared-heap-deserializer.h		Loading commit data...
shared-heap-serializer.cc		Loading commit data...
shared-heap-serializer.h		Loading commit data...
snapshot-compression.cc		Loading commit data...
snapshot-compression.h		Loading commit data...
snapshot-data.cc		Loading commit data...
snapshot-data.h		Loading commit data...
snapshot-empty.cc		Loading commit data...
snapshot-external.cc		Loading commit data...
snapshot-source-sink.cc		Loading commit data...
snapshot-source-sink.h		Loading commit data...
snapshot-utils.cc		Loading commit data...
snapshot-utils.h		Loading commit data...
snapshot.cc		Loading commit data...
snapshot.h		Loading commit data...
startup-deserializer.cc		Loading commit data...
startup-deserializer.h		Loading commit data...
startup-serializer.cc		Loading commit data...
startup-serializer.h		Loading commit data...