Google Git
Sign in
chromium / v8 / v8 / 66c8de2cdac10cad9e622ecededda411b44ac5b3
commit66c8de2cdac10cad9e622ecededda411b44ac5b3[log] [tgz]
authorSamuel Groß <saelo@chromium.org>Tue Apr 19 12:49:01 2022
committerV8 LUCI CQ <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Apr 27 08:18:18 2022
tree34e5a7d8152c90c50d3dd35182d01fe883086fcb
parentdbff30456e14ec3fec54869b3e41d091d2489461 [diff]
Harden Map.prototype.delete and related methods

These can be tricked into corrupting memory when an attacker can leak
the "hole" value due to a bug. This CL simply adds CHECKs to prevent
this. A longer-term solution might be to introduce "special-purpose
holes" so that a leaked "hole" value can no longer be used to confuse
unrelated code like the JSMap implementation because that would then use
a different "hole" value.

Bug: chromium:1315901
Change-Id: Id6c432d39fb97002fa67efe90d34014fc5408ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593783
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80201}
1 file changed
tree: 34e5a7d8152c90c50d3dd35182d01fe883086fcb
  1. .github/
  2. bazel/
  3. build_overrides/
  4. custom_deps/
  5. docs/
  6. gni/
  7. include/
  8. infra/
  9. samples/
  10. src/
  11. test/
  12. testing/
  13. third_party/
  14. tools/
  15. .bazelrc
  16. .clang-format
  17. .clang-tidy
  18. .editorconfig
  19. .flake8
  20. .git-blame-ignore-revs
  21. .gitattributes
  22. .gitignore
  23. .gn
  24. .mailmap
  25. .style.yapf
  26. .vpython
  27. .vpython3
  28. .ycm_extra_conf.py
  29. AUTHORS
  30. BUILD.bazel
  31. BUILD.gn
  32. CODE_OF_CONDUCT.md
  33. codereview.settings
  34. COMMON_OWNERS
  35. DEPS
  36. DIR_METADATA
  37. ENG_REVIEW_OWNERS
  38. INFRA_OWNERS
  39. INTL_OWNERS
  40. LICENSE
  41. LICENSE.fdlibm
  42. LICENSE.strongtalk
  43. LICENSE.v8
  44. LOONG_OWNERS
  45. MIPS_OWNERS
  46. OWNERS
  47. PPC_OWNERS
  48. PRESUBMIT.py
  49. README.md
  50. RISCV_OWNERS
  51. S390_OWNERS
  52. WATCHLISTS
  53. WORKSPACE
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.