| commit | e6defddc156efbd8d12f770b990dd51bbe3084ea | [log] [tgz] |
|---|---|---|
| author | Eric Holk <eholk@chromium.org> | Mon Sep 18 23:17:06 2017 |
| committer | Commit Bot <commit-bot@chromium.org> | Tue Sep 19 00:42:11 2017 |
| tree | a3f9a2d46f44888b69fbe1bb90305e88fd53873c | |
| parent | 3ac1947ea7e20c46eb95129dcb39d1a738df4f84 [diff] |
[d8] zero realm_count_ on RealmScope teardown Promises can sometimes be resolved after the RealmScope has been destroyed, such as when a Wasm compile job finishes after the script main has finished. If the Promise.then function refers to Realm.current, we were getting a use-after free error when it would search for the list of realms. This change also zeros out realm_count_ in addition to deleting the realms_ so that RealmFind will not reference freed memory. Bug: chromium:761710 Change-Id: I2d42997f363b284ccc5f4b225d3f59e0361e68d6 Reviewed-on: https://chromium-review.googlesource.com/671923 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48073}
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Checkout depot tools, and run
fetch v8
This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run
git pull origin
gclient sync
For fetching all branches, add the following into your remote configuration in .git/config:
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
Please follow the instructions mentioned on the V8 wiki.