Ulan Degenbaev authored
The test creates a mock platform. The bug was that the lifetime of the mock platform was shorter than the lifetime of the isolate. Even though the mock platform restores the old platform, a background thread may still have a pointer to the mock platform, leading to UAF.

Bug: v8:10690
Tbr: dinfuehr@chromium.rg
Change-Id: Ic14bf408e5e3e9e7d07e01af545bb88c21462300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290850
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68777}
9ff7156f
Name | Last commit | Last update |
---|---|---|
.. | ||
benchmarks | ||
cctest | ||
common | ||
debugger | ||
debugging | ||
fuzzer | ||
fuzzilli | ||
inspector | ||
intl | ||
js-perf-test | ||
memory | ||
message | ||
mjsunit | ||
mkgrokdump | ||
mozilla | ||
test262 | ||
torque | ||
unittests | ||
wasm-api-tests | ||
wasm-js | ||
wasm-spec-tests | ||
webkit | ||
BUILD.gn | ||
OWNERS | ||