| commit | 4a12cb1022ba335ce087dcfe31b261355524b3bf |
|---|---|
| author | Samuel Groß <saelo@chromium.org>, Fri May 20 09:53:14 2022 |
| committer | V8 LUCI CQ <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>, Fri May 20 11:09:25 2022 |
| tree | 1e61eb2a622aee4ba018766387475ee3359da901 |
| parent | 58d19ed76a24b77615ef52e69c88a158735c46a3 |
[sandbox] Add new Memory Corruption API

When enabled, this API exposes a new global 'Sandbox' object which contains a number of functions and objects that in effect emulate typical memory corruption primitives constructed by exploits. In particular, the 'MemoryView' constructor can construct ArrayBuffer instances that can corrupt arbitrary memory inside the sandbox. Further, the getAddressOf(obj) and getSizeInBytesOf(obj) functions can be used respectively to obtain the address (relative to the base of the sandbox) and size of any HeapObject that can be accessed from JavaScript.

This API is useful for testing the sandbox, for example to facilitate developing PoC sandbox escapes or writing regression tests. In the future, it may also be used by custom V8 sandbox fuzzers.

Bug: v8:12878
Change-Id: I4e420b2ff28bd834b0693f1546942e51c71bfdda
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650718
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80659}
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://v8.dev/docs
Check out depot_tools, and run

```
fetch v8
```

This will check out V8 into the directory `v8` and fetch all of its dependencies. To stay up to date, run

```
git pull origin
gclient sync
```

To fetch all branches, add the following to your remote configuration in `.git/config`:

```
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
```
Please follow the instructions mentioned at v8.dev/docs/contribute.