-
binji authored
Shell::SerializeValue was using a HandleScope, but was also storing Handles in an ObjectList. The ObjectList handles would persist after the function had returned, but will have already been destroyed by the HandleScope, so there is a use-after-free. This change removes the HandleScope in Shell::SerializeValue and relies on the caller's HandleScope. BUG=chromium:503968 R=jochen@chromium.org LOG=n Review URL: https://codereview.chromium.org/1211433003 Cr-Commit-Position: refs/heads/master@{#29265}
5023335b
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mozilla | ||
| preparser | ||
| promises-aplus | ||
| simdjs | ||
| test262 | ||
| test262-es6 | ||
| unittests | ||
| webkit |