-
binji authored
Shell::SerializeValue was using a HandleScope, but was also storing Handles in an ObjectList. The ObjectList handles would persist after the function had returned, but will have already been destroyed by the HandleScope, so there is a use-after-free. This change removes the HandleScope in Shell::SerializeValue and relies on the caller's HandleScope. BUG=chromium:503968 R=jochen@chromium.org LOG=n Review URL: https://codereview.chromium.org/1211433003 Cr-Commit-Position: refs/heads/master@{#29265}
5023335b
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
benchmarks | ||
cctest | ||
intl | ||
js-perf-test | ||
memory | ||
message | ||
mjsunit | ||
mozilla | ||
preparser | ||
promises-aplus | ||
simdjs | ||
test262 | ||
test262-es6 | ||
unittests | ||
webkit |