Issue 1211433003: Fix cluster-fuzz regression with Workers and recursive serialization

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 1211433003: Fix cluster-fuzz regression with Workers and recursive serialization (Closed)

Created:
5 years, 5 months ago by binji

Modified:
5 years, 5 months ago

Reviewers:
jochen (gone - plz use gerrit)

CC:
v8-dev

Base URL:
https://chromium.googlesource.com/v8/v8.git@master

Target Ref:
refs/pending/heads/master

Project:
v8

Visibility:
Public.

More Reviews

Description

Fix cluster-fuzz regression with Workers and recursive serialization Shell::SerializeValue was using a HandleScope, but was also storing Handles in an ObjectList. The ObjectList handles would persist after the function had returned, but will have already been destroyed by the HandleScope, so there is a use-after-free. This change removes the HandleScope in Shell::SerializeValue and relies on the caller's HandleScope. BUG=chromium:503968 R=jochen@chromium.org LOG=n Committed: https://crrev.com/5023335b4d0d48df880480a5baf6ca601912afe8 Cr-Commit-Position: refs/heads/master@{#29265}

Patch Set 1 #

Created: 5 years, 5 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+15 lines, -1 line)			Patch
	M	src/d8.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
	A	test/mjsunit/regress/regress-crbug-503968.js	View		1 chunk	+15 lines, -0 lines	0 comments	Download

Messages

Total messages: 6 (1 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1211433003/1

5 years, 5 months ago (2015-06-24 18:29:30 UTC) #4

commit-bot: I haz the power

5 years, 5 months ago (2015-06-24 18:32:00 UTC) #6

Message was sent while issue was closed.

Patchset 1 (id:??) landed as
https://crrev.com/5023335b4d0d48df880480a5baf6ca601912afe8
Cr-Commit-Position: refs/heads/master@{#29265}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages