include · d98b12d3df99181696152b4d532e71de894f7dd5 · Linshizhi / V8

cppgc: Add missing guard for PersistentNode allocation. · d98b12d3

Omer Katz authored Feb 24, 2021

Two threads might get the same PersistentNode because the
BasicCrossThreadPersistent ctor wasn't taking a lock. Then if one thread
frees the node and the other initalizes it or updates its owner, we get
some random object in our free list of PersistentNodes.

I debug a crash in Assign(Unsafe) and Clear where the PersistentNode
seemed to be allocated on stack. Empirically, adding this guard resolved
it. I can't confirm in the code that the scenario above is what was
happening.

Drive-by: adding a few DCHECKs.

Bug: chromium:1056170
Change-Id: I37d8ed5bb942a124c98d7524b7f04fe8ccb2aefd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718144
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73023}

d98b12d3

Name	Last commit	Last update
..
cppgc		Loading commit data...
libplatform		Loading commit data...
APIDesign.md		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...
js_protocol-1.2.json		Loading commit data...
js_protocol-1.3.json		Loading commit data...
js_protocol.pdl		Loading commit data...
v8-cppgc.h		Loading commit data...
v8-fast-api-calls.h		Loading commit data...
v8-inspector-protocol.h		Loading commit data...
v8-inspector.h		Loading commit data...
v8-internal.h		Loading commit data...
v8-metrics.h		Loading commit data...
v8-platform.h		Loading commit data...
v8-profiler.h		Loading commit data...
v8-unwinder-state.h		Loading commit data...
v8-util.h		Loading commit data...
v8-value-serializer-version.h		Loading commit data...
v8-version-string.h		Loading commit data...
v8-version.h		Loading commit data...
v8-wasm-trap-handler-posix.h		Loading commit data...
v8-wasm-trap-handler-win.h		Loading commit data...
v8.h		Loading commit data...
v8config.h		Loading commit data...