-
jgruber authored
The least two bits of the owner field of a Page are used to determine whether the Page is part of a large object. If these bits are not equal to 0x11, the page is part of a large object and needs special handling e.g. in MemoryChunk::FromAnyPointerAddress to determine which chunk it belongs to. This CL fixes an issue in which the store buffer overflows after a large object space allocation but before the object has been fully initialized. Store buffer overflow handling attempts to look up the chunk of a page, but fails to do so correctly since the page's owner field has not yet been initialized. This CL ensures that the owner field of all pages belonging to a large object allocation are initialized to a value that is interpreted correctly. BUG=chromium:672041 Committed: https://crrev.com/9b6808bfb5366beebe3af30a06f9851edb2039d4 Review-Url: https://codereview.chromium.org/2565713002 Cr-Original-Commit-Position: refs/heads/master@{#41641} Cr-Commit-Position: refs/heads/master@{#41687}
bbf3c697
