Chromium Code Reviews

Issue 406523002: Oilpan: Make sure that vtables for garbage collected mixin objects have (Closed)

Created:
6 years, 5 months ago by Mads Ager (chromium)
Modified:
6 years, 4 months ago
CC:
blink-reviews, blink-reviews-html_chromium.org, Mads Ager (chromium), sof, eae+blinkwatch, blink-reviews-dom_chromium.org, dglazkov+blink, Rik, aandrey+blink_chromium.org, kouhei+heap_chromium.org, rwlbuis, oilpan-reviews
Project:
blink
Visibility:
Public.

Description

Oilpan: Make sure that vtables for garbage collected mixin objects have vtable entries for the trace method.

If we get garbage collection during construction of an object with a virtual trace method we need to make sure that all vtables in the inheritance hierarchy have entries for the trace method. Otherwise, we can get out-of-bounds access of a super class vtable.

R=erik.corry@gmail.com, haraken@chromium.org, wibling@chromium.org
BUG=382557

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=178431
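As an added illustration (not code from this CL, nor from Blink/Oilpan), the toy below models the situation the description refers to: a collection that runs while an object is still being constructed calls trace() through the vtable of the class whose constructor is currently executing, because that is the object's dynamic type at that moment. ToyHeap, ToyGarbageCollectedMixin, PlainBase, Base/Middle/Derived and the Visitor log are all hypothetical stand-ins. Every class in the chain declares trace(), so each forced collection reaches a valid entry; the out-of-bounds vtable read the description warns about is undefined behaviour and is deliberately not reproduced.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Added toy illustration; not Oilpan code. Every name below is a stand-in.

// Records which trace methods a simulated collection reached, in order.
class Visitor {
public:
    void visited(const std::string& who) { log_.push_back(who); }
    const std::vector<std::string>& log() const { return log_; }
private:
    std::vector<std::string> log_;
};

// Stand-in for a garbage-collected mixin with a virtual trace method.
class ToyGarbageCollectedMixin {
public:
    virtual ~ToyGarbageCollectedMixin() {}
    virtual void trace(Visitor*) {}
};

// Toy heap: knows every registered object and can "collect" at any time,
// including from inside a constructor, which is the case the CL describes.
class ToyHeap {
public:
    void registerObject(ToyGarbageCollectedMixin* obj) { objects_.push_back(obj); }
    void collect(Visitor* visitor) {
        for (ToyGarbageCollectedMixin* obj : objects_)
            obj->trace(visitor);   // virtual dispatch via the vtable active right now
    }
private:
    std::vector<ToyGarbageCollectedMixin*> objects_;
};

// Unrelated polymorphic base, so the mixin is not the primary base and
// trace() is reached through the mixin's secondary vtable, as for a real mixin.
class PlainBase {
public:
    virtual ~PlainBase() {}
    virtual int kind() const { return 0; }
};

class Base : public PlainBase, public ToyGarbageCollectedMixin {
public:
    Base(ToyHeap& heap, Visitor& visitor) {
        heap.registerObject(this);
        heap.collect(&visitor);   // dynamic type here is Base: reaches Base::trace
    }
    virtual void trace(Visitor* v) override { v->visited("Base::trace"); }
};

class Middle : public Base {
public:
    Middle(ToyHeap& heap, Visitor& visitor) : Base(heap, visitor) {
        heap.collect(&visitor);   // dynamic type is now Middle
    }
    virtual void trace(Visitor* v) override {
        v->visited("Middle::trace");
        Base::trace(v);
    }
};

class Derived : public Middle {
public:
    Derived(ToyHeap& heap, Visitor& visitor) : Middle(heap, visitor) {
        heap.collect(&visitor);   // dynamic type is Derived
    }
    virtual void trace(Visitor* v) override {
        v->visited("Derived::trace");
        Middle::trace(v);
    }
};

// Constructs one Derived, forcing a collection at every stage of construction,
// and returns the trace methods that ran, in order.
std::vector<std::string> traceLogDuringConstruction() {
    ToyHeap heap;
    Visitor visitor;
    Derived d(heap, visitor);
    return visitor.log();
}

int main() {
    for (const std::string& entry : traceLogDuringConstruction())
        std::printf("%s\n", entry.c_str());
    return 0;
}
```

The three collections produce six log entries: the one fired from Base's constructor reaches only Base::trace, the one from Middle's constructor reaches Middle::trace then Base::trace, and the one from Derived's constructor walks the full chain. That is exactly the dispatch the CL has to keep safe: whichever vtable is installed mid-construction must contain a trace slot.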

Patch Set 1 #

Patch Set 2 : Fix non-oilpan compilation #

Total comments: 3
Stats: +55 lines, -6 lines

M Source/core/dom/LiveNodeListBase.h: 1 chunk, +1 line, -1 line, 0 comments
M Source/core/html/canvas/WebGLRenderingContextBase.h: 1 chunk, +2 lines, -0 lines, 0 comments
M Source/core/html/forms/BaseMultipleFieldsDateAndTimeInputType.h: 1 chunk, +2 lines, -0 lines, 0 comments
M Source/core/html/forms/TextFieldInputType.h: 2 chunks, +3 lines, -1 line, 0 comments
M Source/platform/Supplementable.h: 1 chunk, +4 lines, -1 line, 2 comments
M Source/platform/heap/HeapTest.cpp: 1 chunk, +40 lines, -0 lines, 0 comments
M Source/platform/heap/Visitor.h: 1 chunk, +3 lines, -2 lines, 1 comment
M Source/platform/speech/PlatformSpeechSynthesizer.h: 1 chunk, +0 lines, -1 line, 0 comments

Messages

Total messages: 14 (0 generated)
Mads Ager (chromium)
6 years, 5 months ago (2014-07-18 08:40:02 UTC) #1
Mads Ager (chromium)
+oilpan-reviews
6 years, 5 months ago (2014-07-18 08:41:27 UTC) #2
wibling-chromium
lgtm
6 years, 5 months ago (2014-07-18 08:52:12 UTC) #3
Erik Corry
lgtm
6 years, 5 months ago (2014-07-18 09:05:52 UTC) #4
tkent
lgtm
6 years, 5 months ago (2014-07-18 09:13:39 UTC) #5
Mads Ager (chromium)
The CQ bit was checked by ager@chromium.org
6 years, 5 months ago (2014-07-18 09:27:59 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ager@chromium.org/406523002/1
6 years, 5 months ago (2014-07-18 09:29:48 UTC) #7
haraken
LGTM
6 years, 5 months ago (2014-07-18 09:37:38 UTC) #8
Mads Ager (chromium)
The CQ bit was checked by ager@chromium.org
6 years, 5 months ago (2014-07-18 10:04:54 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ager@chromium.org/406523002/20001
6 years, 5 months ago (2014-07-18 10:05:59 UTC) #10
commit-bot: I haz the power
Change committed as 178431
6 years, 5 months ago (2014-07-18 11:12:02 UTC) #11
zerny-chromium
https://codereview.chromium.org/406523002/diff/20001/Source/platform/Supplementable.h File Source/platform/Supplementable.h (right): https://codereview.chromium.org/406523002/diff/20001/Source/platform/Supplementable.h#newcode219 Source/platform/Supplementable.h:219: class GC_PLUGIN_IGNORE("http://crbug.com/395036") HeapSupplementable : public SupplementableBase<T, true>, public GarbageCollectedMixin ...
6 years, 5 months ago (2014-07-19 07:21:58 UTC) #12
zerny-chromium
On 2014/07/19 07:21:58, zerny-chromium wrote: > https://codereview.chromium.org/406523002/diff/20001/Source/platform/Supplementable.h > File Source/platform/Supplementable.h (right): > > https://codereview.chromium.org/406523002/diff/20001/Source/platform/Supplementable.h#newcode219 > ...
6 years, 5 months ago (2014-07-19 07:23:51 UTC) #13
wibling-chromium
6 years, 5 months ago (2014-07-21 08:38:49 UTC) #14
Message was sent while issue was closed.
https://codereview.chromium.org/406523002/diff/20001/Source/platform/Suppleme...
File Source/platform/Supplementable.h (right):

https://codereview.chromium.org/406523002/diff/20001/Source/platform/Suppleme...
Source/platform/Supplementable.h:219: class
GC_PLUGIN_IGNORE("http://crbug.com/395036") HeapSupplementable : public
SupplementableBase<T, true>, public GarbageCollectedMixin {
On 2014/07/19 07:21:58, zerny-chromium wrote:
> DBC this ignore is really bad since it will effectively disable the plugin
> checks for all derived classes too.

FYI I am removing this ignore as part of removing off-heap tracing for hashmaps.
See
https://codereview.chromium.org/403333002/diff/1/Source/platform/Supplementab...
for details.
