-
Michael Lippautz authored
This is a reland of e0c1a349 The issue was passing SentinelPointer (== +1) through T*. The fix is disabling cfi unrelated cast diagnostic for the bottlenecks (Get()). This means that nullptr is treated the same as kSentinelPointer. The alternative would be a DCHECK that Get() does not return kSentinelPointer and adjusting all Member and Persistent logic that uses Get() to work on void*. This is quite intrusive as it involves Swap(), heterogeneous assignments, comparisons, etc. Original change's description: > cppgc: Properly clear (Weak)Peristent and WeakMember pointers > > The CL addresses two issues with (Weak)Persistent and WeakMember: > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this > CL the pointers would contain stale values which could lead to UAF. > 2. WeakPersistent and WeakMember are cleared using a combination of > internal clearing methods and mutable fields which avoids the use > of const_cast<>. > > Bug: chromium:1056170 > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68394} Bug: chromium:1056170 Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240Reviewed-by:
Omer Katz <omerkatz@chromium.org> Reviewed-by:
Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68426}
8bdce527
