Chromium Code Reviews| Index: third_party/WebKit/Source/platform/wtf/Vector.h |
| diff --git a/third_party/WebKit/Source/platform/wtf/Vector.h b/third_party/WebKit/Source/platform/wtf/Vector.h |
| index ad56d5760335b86d2e66feb8d61db9f4118de9d4..fe163631daf659731217938e87c850ead12812a2 100644 |
| --- a/third_party/WebKit/Source/platform/wtf/Vector.h |
| +++ b/third_party/WebKit/Source/platform/wtf/Vector.h |
| @@ -1594,6 +1594,9 @@ void Vector<T, inlineCapacity, Allocator>::ReserveCapacity( |
| ANNOTATE_CHANGE_CAPACITY(begin(), old_capacity, size_, Capacity()); |
| return; |
| } |
| + // Reallocating a backing buffer may resurrect a dead object. |
| + CHECK(!Allocator::IsObjectResurrectionForbidden()); |
| + |
| T* old_end = end(); |
| Base::AllocateExpandedBuffer(new_capacity); |
| ANNOTATE_NEW_BUFFER(begin(), Capacity(), size_); |
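Review bot: The comment above the new `CHECK` in ReserveCapacity does not say why this is a release-build crash or which paths it covers, which matters for a guard meant to keep dead objects from being touched. The check sits after the early `return` that follows `ANNOTATE_CHANGE_CAPACITY`, so only the `AllocateExpandedBuffer` path is guarded, whereas the ShrinkCapacity hunk handles the same condition by returning silently; the comment should state that the two policies differ on purpose. I would expand it to something like `// Reallocating into a new backing buffer may resurrect a dead object; crash in release builds too rather than reallocate while the allocator forbids resurrection.` The body of ReserveCapacity starts outside this hunk, so earlier allocation or return paths are not visible here and may need the same check.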
| @@ -1623,6 +1626,9 @@ void Vector<T, inlineCapacity, Allocator>::ShrinkCapacity(size_t new_capacity) { |
| if (new_capacity < size()) |
| Shrink(new_capacity); |
| + if (Allocator::IsObjectResurrectionForbidden()) |
|
sof
2017/04/15 18:57:31
Why leave early for the new_capacity == 0 case?
keishi
2017/04/17 06:37:55
Created fix at https://codereview.chromium.org/281
|
| + return; |
| + |
| T* old_buffer = begin(); |
| #ifdef ANNOTATE_CONTIGUOUS_CONTAINER |
| size_t old_capacity = Capacity(); |