projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8fe17a6) | patch
Fix bug when transferring SharedArrayBuffer to multiple Workers.
authorbinji <binji@chromium.org>
Mon, 6 Jul 2015 17:17:59 +0000 (10:17 -0700)
committerCommit bot <commit-bot@chromium.org>
Mon, 6 Jul 2015 17:18:06 +0000 (17:18 +0000)
commitdd7962bf7838f8379ba776ee6b7b0e4d3bec2140
tree134995f987b9c1b64bb0bbd6f83d9c2bcd762fc6tree | snapshot
parent8fe17a6780e763d4367b4aeaf44b6f572d4bdd70commit | diff
Fix bug when transferring SharedArrayBuffer to multiple Workers.

Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.

Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1215233004

Cr-Commit-Position: refs/heads/master@{#29499}
src/d8.cc diff | blob | history
src/d8.h diff | blob | history
test/mjsunit/d8-worker-sharedarraybuffer.js diff | blob | history
Domain: Web Framework / Web Engine;