cppgc: shared-cage: Fix UaF when lsan is enabled · a1da1458
    Anton Bikineev authored
    Before this CL, the caged heap was lazily initialized upon the first
    call of HeapBase ctor. CagedHeap keeps a pointer to PageAllocator which
    was provided from cppgc::Platform through the HeapBase ctor. This was
    not generally safe: the platform is not enforced to be a singleton. If it
    happens to die first, then CagedHeap will have a stale pointer. The CL
    fixes it simply by moving caged-heap initialization to
    cppgc::InitializeProcess(), which already requires a constantly living
    PageAllocator.
    
    Bug: chromium:1338030
    Change-Id: Ifb70a2db233ef36a99c919db09bed9ff9f3708ac
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732107
    Commit-Queue: Anton Bikineev <bikineev@chromium.org>
    Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#81422}
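The lifetime problem the commit message describes, reduced to a stand-alone model. This is an added illustration, not V8 or cppgc code: the class names (Platform, PageAllocator, HeapBase, CagedHeap, InitializeProcess) follow the message, but their bodies, the live-allocator registry used to detect the dangling pointer without dereferencing it, and the process-lifetime allocator for the fixed variant are assumptions made for the example. The "lazy" variant caches the allocator of whichever Platform built the first heap, so destroying that Platform leaves every later heap holding a stale pointer; the "process" variant takes the allocator once from InitializeProcess(), which the embedder must back with an allocator that outlives all heaps.

```cpp
// Added example, not V8/cppgc code: models the stale-PageAllocator bug and its
// fix as described in the commit message. All names and bodies are assumptions.
#include <cstdio>
#include <memory>
#include <set>

namespace cage_lifetime_demo {

// Registry of live allocators: lets a dangling pointer be detected by identity
// without dereferencing it (which would be undefined behaviour).
inline std::set<const void*>& LiveAllocators() {
  static std::set<const void*> live;
  return live;
}

class PageAllocator {
 public:
  PageAllocator() { LiveAllocators().insert(this); }
  ~PageAllocator() { LiveAllocators().erase(this); }
  PageAllocator(const PageAllocator&) = delete;
  PageAllocator& operator=(const PageAllocator&) = delete;
};

inline bool IsLive(const PageAllocator* p) { return LiveAllocators().count(p) != 0; }

// Embedder-supplied platform: owns its allocator and is not a singleton.
class Platform {
 public:
  PageAllocator* page_allocator() { return &allocator_; }
 private:
  PageAllocator allocator_;
};

// "Before": the cage remembers whichever allocator the first heap passed in.
class LazyCagedHeap {
 public:
  static LazyCagedHeap& Instance() { static LazyCagedHeap cage; return cage; }
  void InitializeIfNeeded(PageAllocator* allocator) {
    if (!allocator_) allocator_ = allocator;  // first caller wins, for good
  }
  PageAllocator* allocator() const { return allocator_; }
 private:
  PageAllocator* allocator_ = nullptr;
};

class LazyHeapBase {
 public:
  explicit LazyHeapBase(Platform* platform) {
    LazyCagedHeap::Instance().InitializeIfNeeded(platform->page_allocator());
  }
  PageAllocator* cage_allocator() const { return LazyCagedHeap::Instance().allocator(); }
};

// "After": the cage is set up once by InitializeProcess() from an allocator the
// embedder keeps alive for the whole process; HeapBase no longer feeds it.
class ProcessCagedHeap {
 public:
  static ProcessCagedHeap& Instance() { static ProcessCagedHeap cage; return cage; }
  void Initialize(PageAllocator* allocator) { allocator_ = allocator; }
  PageAllocator* allocator() const { return allocator_; }
 private:
  PageAllocator* allocator_ = nullptr;
};

inline void InitializeProcess(PageAllocator* process_allocator) {
  ProcessCagedHeap::Instance().Initialize(process_allocator);
}

class FixedHeapBase {
 public:
  explicit FixedHeapBase(Platform*) {}  // platform lifetime is irrelevant now
  PageAllocator* cage_allocator() const { return ProcessCagedHeap::Instance().allocator(); }
};

// Process-lifetime allocator (constructed assumption for the fixed variant).
inline PageAllocator& ProcessPageAllocator() {
  static PageAllocator allocator;
  return allocator;
}

// Shared scenario: two platforms exist, the one that built the first heap is
// destroyed, then a second heap is created through the surviving platform.
template <typename HeapBase>
bool CageAllocatorLiveAfterFirstPlatformDies() {
  auto first = std::make_unique<Platform>();
  auto second = std::make_unique<Platform>();  // distinct address while both live
  HeapBase heap1(first.get());
  first.reset();                                // platform and its allocator die
  HeapBase heap2(second.get());
  return IsLive(heap2.cage_allocator());
}

bool LazyInitLeavesStalePointer() {
  return !CageAllocatorLiveAfterFirstPlatformDies<LazyHeapBase>();
}

bool ProcessInitStaysValid() {
  InitializeProcess(&ProcessPageAllocator());
  return CageAllocatorLiveAfterFirstPlatformDies<FixedHeapBase>();
}

}  // namespace cage_lifetime_demo

int main() {
  using namespace cage_lifetime_demo;
  std::printf("lazy init leaves stale pointer: %s\n", LazyInitLeavesStalePointer() ? "yes" : "no");
  std::printf("process init stays valid:       %s\n", ProcessInitStaysValid() ? "yes" : "no");
  return 0;
}
```

The check that matters in review of this kind of fix is the second scenario: the cage pointer must survive the destruction of any individual Platform, which only holds if whoever calls InitializeProcess() is contractually required to keep that allocator alive until process teardown.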
Directory listing:

cppgc
libplatform
APIDesign.md
DEPS
DIR_METADATA
OWNERS
js_protocol-1.2.json
js_protocol-1.3.json
js_protocol.pdl
v8-array-buffer.h
v8-callbacks.h
v8-container.h
v8-context.h
v8-cppgc.h
v8-data.h
v8-date.h
v8-debug.h
v8-embedder-heap.h
v8-embedder-state-scope.h
v8-exception.h
v8-extension.h
v8-external.h
v8-fast-api-calls.h
v8-forward.h
v8-function-callback.h
v8-function.h
v8-initialization.h
v8-inspector-protocol.h
v8-inspector.h
v8-internal.h
v8-isolate.h
v8-json.h
v8-local-handle.h
v8-locker.h
v8-maybe.h
v8-memory-span.h
v8-message.h
v8-metrics.h
v8-microtask-queue.h
v8-microtask.h
v8-object.h
v8-persistent-handle.h
v8-platform.h
v8-primitive-object.h
v8-primitive.h
v8-profiler.h
v8-promise.h
v8-proxy.h
v8-regexp.h
v8-script.h
v8-snapshot.h
v8-statistics.h
v8-template.h
v8-traced-handle.h
v8-typed-array.h
v8-unwinder-state.h
v8-unwinder.h
v8-util.h
v8-value-serializer-version.h
v8-value-serializer.h
v8-value.h
v8-version-string.h
v8-version.h
v8-wasm-trap-handler-posix.h
v8-wasm-trap-handler-win.h
v8-wasm.h
v8-weak-callback-info.h
v8.h
v8config.h