-
Dominik Inführ authored
The counter as size_t can legitimately overflow on 32-bit systems, since decreasing the counters is performed after all backing stores were freed on a background thread. Before sweeping is finished a new backing store could already be allocated which then leads to the overflow. Bug: v8:11788, chromium:1211437 Change-Id: Id9f3e58b0e84e831fe47109f7deb3a05ae7e489c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922242 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74836}
0ebe286f
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| DIR_METADATA | ||
| OWNERS | ||
| api-arguments-inl.h | ||
| api-arguments.cc | ||
| api-arguments.h | ||
| api-inl.h | ||
| api-macros-undef.h | ||
| api-macros.h | ||
| api-natives.cc | ||
| api-natives.h | ||
| api.cc | ||
| api.h |