| Index: src/heap/marking.h
|
| diff --git a/src/heap/marking.h b/src/heap/marking.h
|
| index 282dcd2f845bd0841bc1242afff089850fe6445f..b20a4d86f149bb7012d648563e47b90613c9fd5b 100644
|
| --- a/src/heap/marking.h
|
| +++ b/src/heap/marking.h
|
| @@ -227,10 +227,16 @@ class Bitmap {
|
| if (cells()[i] != ~0u) return false;
|
| }
|
| matching_mask = (end_index_mask - 1);
|
| - return ((cells()[end_cell_index] & matching_mask) == matching_mask);
|
| + // Check against a mask of 0 to avoid dereferencing the cell after the
|
| + // end of the bitmap.
|
| + return (matching_mask == 0) ||
|
| + ((cells()[end_cell_index] & matching_mask) == matching_mask);
|
| } else {
|
| matching_mask = end_index_mask - start_index_mask;
|
| - return (cells()[end_cell_index] & matching_mask) == matching_mask;
|
| + // Check against a mask of 0 to avoid dereferencing the cell after the
|
| + // end of the bitmap.
|
| + return (matching_mask == 0) ||
|
| + (cells()[end_cell_index] & matching_mask) == matching_mask;
|
| }
|
| }
|
|
|
| @@ -250,10 +256,14 @@ class Bitmap {
|
| if (cells()[i]) return false;
|
| }
|
| matching_mask = (end_index_mask - 1);
|
| - return !(cells()[end_cell_index] & matching_mask);
|
| + // Check against a mask of 0 to avoid dereferencing the cell after the
|
| + // end of the bitmap.
|
| + return (matching_mask == 0) || !(cells()[end_cell_index] & matching_mask);
|
| } else {
|
| matching_mask = end_index_mask - start_index_mask;
|
| - return !(cells()[end_cell_index] & matching_mask);
|
| + // Check against a mask of 0 to avoid dereferencing the cell after the
|
| + // end of the bitmap.
|
| + return (matching_mask == 0) || !(cells()[end_cell_index] & matching_mask);
|
| }
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2799283002:
[heap] Fix off-by-one cell read in verification methods (Closed)
