src · 9d3a645bec5da96f750d5f7f275170e00f190773 · Linshizhi / V8

[sandbox] Fix two deserializer issues when sandbox is enabled · 9d3a645b

Samuel Groß authored 2 years ago

When the sandbox is enabled, an empty ArrayBuffer does not have a
nullptr backing store but instead points to a special EmptyBackingStore
pseudo-object inside the sandbox. This then requires special handling
during deserialization. This CL fixes two cases where this was not done
correctly, which caused some crashes when --stress-snapshot is active.

Bug: v8:10391
Change-Id: I412adace229b979b317864a3e8c12ed4c601b850
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716480Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81297}

9d3a645b

Name	Last commit	Last update
..
api		Loading commit data...
asmjs		Loading commit data...
ast		Loading commit data...
base		Loading commit data...
baseline		Loading commit data...
bigint		Loading commit data...
builtins		Loading commit data...
codegen		Loading commit data...
common		Loading commit data...
compiler		Loading commit data...
compiler-dispatcher		Loading commit data...
d8		Loading commit data...
date		Loading commit data...
debug		Loading commit data...
deoptimizer		Loading commit data...
diagnostics		Loading commit data...
execution		Loading commit data...
extensions		Loading commit data...
flags		Loading commit data...
handles		Loading commit data...
heap		Loading commit data...
ic		Loading commit data...
init		Loading commit data...
inspector		Loading commit data...
interpreter		Loading commit data...
json		Loading commit data...
libplatform		Loading commit data...
libsampler		Loading commit data...
logging		Loading commit data...
maglev		Loading commit data...
numbers		Loading commit data...
objects		Loading commit data...
parsing		Loading commit data...
profiler		Loading commit data...
protobuf		Loading commit data...
regexp		Loading commit data...
roots		Loading commit data...
runtime		Loading commit data...
sandbox		Loading commit data...
sanitizer		Loading commit data...
snapshot		Loading commit data...
strings		Loading commit data...
tasks		Loading commit data...
temporal		Loading commit data...
third_party		Loading commit data...
torque		Loading commit data...
tracing		Loading commit data...
trap-handler		Loading commit data...
utils		Loading commit data...
wasm		Loading commit data...
web-snapshot		Loading commit data...
zone		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...