review.tizen.org Git - platform/upstream/v8.git/commit

projects / platform / upstream / v8.git / commit

author	fedor <fedor@indutny.com>
	Wed, 16 Sep 2015 17:27:40 +0000 (10:27 -0700)
committer	Commit bot <commit-bot@chromium.org>
	Wed, 16 Sep 2015 17:27:59 +0000 (17:27 +0000)
commit	0d017282d32ce634f364461aa79ee996108f8b9d
tree	2739a9c74b3c63527a7d63c701dfd1c393c94e9e	tree \| snapshot
parent	1e2aecf3635a5fb01607fa65511d67902735d90c	commit \| diff

[objects] do not visit ArrayBuffer's backing store

ArrayBuffer's backing store is a pointer to external heap, and can't be
treated as a heap object. Doing so will result in crashes, when the
backing store is unaligned.

See: https://github.com/nodejs/node/issues/2791

BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1327403002

Cr-Commit-Position: refs/heads/master@{#30771}

Domain: Web Framework / Web Engine;

RSS Atom

src/heap/mark-compact.cc		diff \| blob \| history
src/heap/objects-visiting-inl.h		diff \| blob \| history
src/heap/objects-visiting.cc		diff \| blob \| history
src/heap/store-buffer.cc		diff \| blob \| history
src/objects-inl.h		diff \| blob \| history
src/objects.h		diff \| blob \| history
test/cctest/test-api.cc		diff \| blob \| history