Side by Side Diff: src/serialize.h

Issue 841943002: Fix unsafe unaligned accesses in the serializer/deserializer. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: addressed comments Created 5 years, 11 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef V8_SERIALIZE_H_ 5 #ifndef V8_SERIALIZE_H_
6 #define V8_SERIALIZE_H_ 6 #define V8_SERIALIZE_H_
7 7
8 #include "src/compiler.h" 8 #include "src/compiler.h"
9 #include "src/hashmap.h" 9 #include "src/hashmap.h"
10 #include "src/heap-profiler.h" 10 #include "src/heap-profiler.h"
(...skipping 464 matching lines...) Expand 10 before | Expand all | Expand 10 after
475 475
476 ~SerializedData() { 476 ~SerializedData() {
477 if (owns_data_) DeleteArray<byte>(data_); 477 if (owns_data_) DeleteArray<byte>(data_);
478 } 478 }
479 479
480 class ChunkSizeBits : public BitField<uint32_t, 0, 31> {}; 480 class ChunkSizeBits : public BitField<uint32_t, 0, 31> {};
481 class IsLastChunkBits : public BitField<bool, 31, 1> {}; 481 class IsLastChunkBits : public BitField<bool, 31, 1> {};
482 482
483 protected: 483 protected:
484 void SetHeaderValue(int offset, int value) { 484 void SetHeaderValue(int offset, int value) {
485 reinterpret_cast<int*>(data_)[offset] = value; 485 memcpy(reinterpret_cast<int*>(data_) + offset, &value, sizeof(value));
486 } 486 }
487 487
488 int GetHeaderValue(int offset) const { 488 int GetHeaderValue(int offset) const {
489 return reinterpret_cast<const int*>(data_)[offset]; 489 int value;
490 memcpy(&value, reinterpret_cast<int*>(data_) + offset, sizeof(value));
491 return value;
490 } 492 }
491 493
492 void AllocateData(int size); 494 void AllocateData(int size);
493 495
494 byte* data_; 496 byte* data_;
495 int size_; 497 int size_;
496 bool owns_data_; 498 bool owns_data_;
497 }; 499 };
498 500
499 501
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
537 virtual void VisitPointers(Object** start, Object** end); 539 virtual void VisitPointers(Object** start, Object** end);
538 540
539 virtual void VisitRuntimeEntry(RelocInfo* rinfo) { 541 virtual void VisitRuntimeEntry(RelocInfo* rinfo) {
540 UNREACHABLE(); 542 UNREACHABLE();
541 } 543 }
542 544
543 void DecodeReservation(Vector<const SerializedData::Reservation> res); 545 void DecodeReservation(Vector<const SerializedData::Reservation> res);
544 546
545 bool ReserveSpace(); 547 bool ReserveSpace();
546 548
549 void UnalignedCopy(Object** dest, Object** src) {
550 memcpy(dest, src, sizeof(*src));
551 }
552
547 // Allocation sites are present in the snapshot, and must be linked into 553 // Allocation sites are present in the snapshot, and must be linked into
548 // a list at deserialization time. 554 // a list at deserialization time.
549 void RelinkAllocationSite(AllocationSite* site); 555 void RelinkAllocationSite(AllocationSite* site);
550 556
551 // Fills in some heap data in an area from start to end (non-inclusive). The 557 // Fills in some heap data in an area from start to end (non-inclusive). The
552 // space id is used for the write barrier. The object_address is the address 558 // space id is used for the write barrier. The object_address is the address
553 // of the object we are writing into, or NULL if we are not writing into an 559 // of the object we are writing into, or NULL if we are not writing into an
554 // object, i.e. if we are writing a series of tagged values that are not on 560 // object, i.e. if we are writing a series of tagged values that are not on
555 // the heap. 561 // the heap.
556 void ReadData(Object** start, Object** end, int space, 562 void ReadData(Object** start, Object** end, int space,
(...skipping 376 matching lines...) Expand 10 before | Expand all | Expand 10 after
933 static const int kCheckSumOffset = 0; 939 static const int kCheckSumOffset = 0;
934 static const int kNumInternalizedStringsOffset = 1; 940 static const int kNumInternalizedStringsOffset = 1;
935 static const int kReservationsOffset = 2; 941 static const int kReservationsOffset = 2;
936 static const int kNumCodeStubKeysOffset = 3; 942 static const int kNumCodeStubKeysOffset = 3;
937 static const int kPayloadLengthOffset = 4; 943 static const int kPayloadLengthOffset = 4;
938 static const int kHeaderSize = (kPayloadLengthOffset + 1) * kIntSize; 944 static const int kHeaderSize = (kPayloadLengthOffset + 1) * kIntSize;
939 }; 945 };
940 } } // namespace v8::internal 946 } } // namespace v8::internal
941 947
942 #endif // V8_SERIALIZE_H_ 948 #endif // V8_SERIALIZE_H_
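Review bot: GetHeaderValue's new body (new lines 489–491) builds the source address as `reinterpret_cast<int*>(data_) + offset`, which drops the `const` the old `reinterpret_cast<const int*>` carried inside a const member and still does the offset arithmetic through an int* that, per the issue title, may not be aligned; since data_ is already a byte pointer the cast can go entirely, `memcpy(&value, data_ + offset * kIntSize, sizeof(value));` here and symmetrically `memcpy(data_ + offset * kIntSize, &value, sizeof(value));` in SetHeaderValue (kIntSize is the unit kHeaderSize is computed from at the end of the file). Neither accessor checks offset against size_, and nothing visible in this file shows where the header length is validated before these reads, so either a `DCHECK` that `(offset + 1) * kIntSize <= size_` belongs here to document the precondition, or the caller that validates it should be named in a comment. UnalignedCopy (new 549–551) touches no members and could be `static`; it and the two accessors now depend on memcpy, so confirm `<string.h>` or `<cstring>` is among the includes elided above. The SerializedData class begins above the hunk.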