-
Patrick Thier authored
When GC triggered while an exception is pending, a read to memory that was no longer valid could happen while backtracking in the regexp interpreter (introduced with commit fb0df2c8). This CL prevents this dirty read, that could have been a security issue. Bug: chromium:992389, v8:9575 Change-Id: Ie1acd6faa16665e211666c6a8dcf2a9d74e0c886 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751342 Commit-Queue: Patrick Thier <pthier@google.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63195}
52c7565d
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| common | ||
| debugger | ||
| fuzzer | ||
| inspector | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mkgrokdump | ||
| mozilla | ||
| preparser | ||
| test262 | ||
| torque | ||
| unittests | ||
| wasm-api-tests | ||
| wasm-js | ||
| wasm-spec-tests | ||
| webkit | ||
| BUILD.gn | ||
| OWNERS |