Files · 984048e8c7981a38b73a8bbaeb5e6fd7f34c1d95 · Linshizhi / V8

[es2015] Clear JSTypedArray raw fields in the constructor. · 984048e8

Benedikt Meurer authored Sep 19, 2018

The JSTypedArray instance is created early on in the TypedArray
constructors, using EmitFastNewObject, which puts Undefined into
all slots. But the code might still produce an exception afterwards
leaving the JSTypedArray in a weird state. It's not a security issue
since the object doesn't escape, but it confuses the heap verifier.

Bug: chromium:885404, v8:4153, v8:7881, v8:8171
Change-Id: I5fb8131fcae69edf4a92602ed477dca305c3d6c7
Reviewed-on: https://chromium-review.googlesource.com/1233257
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56019}

984048e8

Name	Last commit	Last update
benchmarks		Loading commit data...
build_overrides		Loading commit data...
custom_deps		Loading commit data...
docs		Loading commit data...
gni		Loading commit data...
include		Loading commit data...
infra		Loading commit data...
samples		Loading commit data...
src		Loading commit data...
test		Loading commit data...
testing		Loading commit data...
third_party		Loading commit data...
tools		Loading commit data...
.clang-format		Loading commit data...
.clang-tidy		Loading commit data...
.editorconfig		Loading commit data...
.git-blame-ignore-revs		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.gn		Loading commit data...
.vpython		Loading commit data...
.ycm_extra_conf.py		Loading commit data...
AUTHORS		Loading commit data...
BUILD.gn		Loading commit data...
CODE_OF_CONDUCT.md		Loading commit data...
ChangeLog		Loading commit data...
DEPS		Loading commit data...
LICENSE		Loading commit data...
LICENSE.fdlibm		Loading commit data...
LICENSE.strongtalk		Loading commit data...
LICENSE.v8		Loading commit data...
LICENSE.valgrind		Loading commit data...
OWNERS		Loading commit data...
PRESUBMIT.py		Loading commit data...
README.md		Loading commit data...
WATCHLISTS		Loading commit data...
codereview.settings		Loading commit data...
snapshot_toolchain.gni		Loading commit data...

README.md