Chromium Code Reviews

Unified Diff: src/type-info.cc

Issue 1026343004: Prevent leaks of cross context maps in the Oracle. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 9 months ago
Index: src/type-info.cc
diff --git a/src/type-info.cc b/src/type-info.cc
index 7e1d6011d0e82ad1a26cc47c272567a7c87cc3d0..1059c7aecd8796e4f31d0a9f4a9e3ff3354f4719 100644
--- a/src/type-info.cc
+++ b/src/type-info.cc
@@ -54,6 +54,7 @@ Handle<Object> TypeFeedbackOracle::GetInfo(FeedbackVectorSlot slot) {
Object* obj = feedback_vector_->Get(slot);
if (!obj->IsJSFunction() ||
!CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) {
+ DCHECK(!obj->IsMap());
return Handle<Object>(obj, isolate());
}
return Handle<Object>::cast(isolate()->factory()->undefined_value());
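Review bot: the new `DCHECK(!obj->IsMap());` sits inside the branch whose condition is still `!obj->IsJSFunction() || !CanRetainOtherContext(...)`, so in a release build (where DCHECK compiles out) any non-JSFunction object, a Map included, is still handed back through `return Handle<Object>(obj, isolate());`. If the intent is that a non-IC `FeedbackVectorSlot` can never hold a Map, add a short comment stating that invariant next to the DCHECK; if a Map can reach this slot, the condition needs the same tightening as the `FeedbackVectorICSlot` overload below rather than an assertion alone.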
@@ -74,10 +75,12 @@ Handle<Object> TypeFeedbackOracle::GetInfo(FeedbackVectorICSlot slot) {
obj = cell->value();
}
- if (!obj->IsJSFunction() ||
- !CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) {
+ if ((obj->IsJSFunction() &&
+ !CanRetainOtherContext(JSFunction::cast(obj), *native_context_)) ||
+ obj->IsAllocationSite() || obj->IsSymbol()) {
return Handle<Object>(obj, isolate());
}
+
return undefined;
}
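Review bot: the rewritten condition turns a blacklist into a whitelist (a JSFunction that cannot retain another context, an AllocationSite, or a Symbol is returned; everything else, including a Map from another native context, now falls through to `return undefined;`), but nothing in the hunk records why AllocationSite and Symbol are safe to hand out while other object kinds are not. Add a comment above the `if` stating that invariant, and mention the behavioural change (Maps in IC slots are now filtered out) in the CL description. The added blank line before `return undefined;` is a stray whitespace change and can be dropped.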