Description:
HeapCompact: don't cast to BasePage before sanity check.
Otherwise, the cast might be performed on garbage memory and
CFI will detect that the cast is invalid as the vtable is invalid.
BUG=688055
Review-Url: https://codereview.chromium.org/2673683002
Cr-Commit-Position: refs/heads/master@{#447922}
Committed: https://chromium.googlesource.com/chromium/src/+/4116d5e5f6fd92ae9f75cc2bfe158068232c6dbe
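The two orderings the description contrasts, as an added example rather than the CL's own code: `BasePage`, `NormalPage`, the `void*` page set and the page-size masking in `pageStartOf` are toy stand-ins written for this example, not Blink's real layout. The fixed version checks the untyped address against the set first and only then casts, so no vtable pointer is ever read from memory that is not a known page; the typed pointer is then needed only for the DCHECK-style check, matching the nit raised in the review.

```cpp
#include <cassert>
#include <cstdint>
#include <unordered_set>

// Toy stand-ins for Blink's heap page classes (constructed for this example).
class BasePage {
 public:
  virtual ~BasePage() = default;
  virtual bool isLargeObjectPage() const = 0;
};
class NormalPage final : public BasePage {
 public:
  bool isLargeObjectPage() const override { return false; }
  char payload[256];  // room for objects inside the page
};

constexpr uintptr_t kPageSize = 1u << 12;  // assumption: toy page granularity
// Map any address inside a page back to the page start (assumed masking scheme).
inline void* pageStartOf(const void* slot) {
  return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(slot) & ~(kPageSize - 1));
}

class Compactor {
 public:
  // All pages that are being compacted; each void* points to the start of a BasePage.
  void addPage(BasePage* page) { m_relocatablePages.insert(static_cast<void*>(page)); }

  // Ordering the CL removes: the cast happens before the membership check, so a
  // slot on an unknown page makes a CFI cast check read a vptr from arbitrary
  // memory. Only ever called with a real page here; kept for contrast.
  bool isRelocatableCastFirst(void* slot) const {
    BasePage* page = reinterpret_cast<BasePage*>(pageStartOf(slot));
    return m_relocatablePages.count(page) != 0;  // check comes too late
  }

  // Fixed ordering: sanity-check the raw address, cast only once it is known good.
  BasePage* relocatablePageOf(void* slot) const {
    void* slotPageAddress = pageStartOf(slot);
    if (m_relocatablePages.count(slotPageAddress) == 0)
      return nullptr;  // not one of ours: never touch its memory
    BasePage* slotPage = reinterpret_cast<BasePage*>(slotPageAddress);
    assert(!slotPage->isLargeObjectPage());  // DCHECK-style use of the typed pointer
    return slotPage;
  }

 private:
  std::unordered_set<void*> m_relocatablePages;
};
```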
Patch Set 1
Total comments: 4
Patch Set 2: Add a comment
Messages
Total messages: 24 (14 generated)
krasin@chromium.org changed reviewers: + sigbjornf@opera.com
LGTM
On 2017/02/02 20:52:30, haraken wrote:
> LGTM
Thank you, Kentaro!
The CQ bit was checked by krasin@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by krasin@chromium.org
The CQ bit was checked by krasin@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-...)
https://codereview.chromium.org/2673683002/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/HeapCompact.cpp (left):
third_party/WebKit/Source/platform/heap/HeapCompact.cpp:247: // All pages that are being compacted.
Could you update the comment to say that the void* points to the start of a BasePage? "page" is a bit generic.
The CQ bit was checked by krasin@chromium.org to run a CQ dry run
https://codereview.chromium.org/2673683002/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/HeapCompact.cpp (left):
third_party/WebKit/Source/platform/heap/HeapCompact.cpp:247: // All pages that are being compacted.
On 2017/02/02 22:04:41, sof wrote:
> Could you update the comment to say that the void* points to the start of a
> BasePage? "page" is a bit generic.
Is it better now?
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_n5x_swarming_rel on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_n5x_...)
The CQ bit was checked by krasin@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from haraken@chromium.org Link to the patchset: https://codereview.chromium.org/2673683002/#ps20001 (title: "Add a comment")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch. Bot data: {"patchset_id": 20001, "attempt_start_ts": 1486080492510510, "parent_rev": "c097a72d4f220aeac388197965a1a64aa04a20e6", "commit_rev": "4116d5e5f6fd92ae9f75cc2bfe158068232c6dbe"}
Message was sent while issue was closed.
Description was changed from ========== HeapCompact: don't cast to BasePage before sanity check. Otherwise, the cast might be performed on a garbage memory and CFI will detect that the cast is invalid as the vtable is invalid. BUG=688055 ========== to ========== HeapCompact: don't cast to BasePage before sanity check. Otherwise, the cast might be performed on a garbage memory and CFI will detect that the cast is invalid as the vtable is invalid. BUG=688055 Review-Url: https://codereview.chromium.org/2673683002 Cr-Commit-Position: refs/heads/master@{#447922} Committed: https://chromium.googlesource.com/chromium/src/+/4116d5e5f6fd92ae9f75cc2bfe15... ==========
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as https://chromium.googlesource.com/chromium/src/+/4116d5e5f6fd92ae9f75cc2bfe15...
Message was sent while issue was closed.
lgtm
https://codereview.chromium.org/2673683002/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/HeapCompact.cpp (left):
third_party/WebKit/Source/platform/heap/HeapCompact.cpp:247: // All pages that are being compacted.
On 2017/02/02 22:19:09, krasin1 wrote:
> On 2017/02/02 22:04:41, sof wrote:
> > Could you update the comment to say that the void* points to the start of a
> > BasePage? "page" is a bit generic.
>
> Is it better now?
Much better, thanks :)
https://codereview.chromium.org/2673683002/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/HeapCompact.cpp (right):
third_party/WebKit/Source/platform/heap/HeapCompact.cpp:89: BasePage* slotPage = reinterpret_cast<BasePage*>(slotPageAddress);
nit: now only used if DCHECK_IS_ON().