author | Joyee Cheung <joyeec9h3@gmail.com> | 2019-05-02 22:51:34 +0800 |
---|---|---|
committer | Joyee Cheung <joyeec9h3@gmail.com> | 2019-06-12 01:31:06 +0800 |
commit | d2634be56258e2b957c1061c5f4d86792975bfa9 (patch) | |
tree | a5c5924813d7d8cbda446183474e20af1953cf4d /deps/v8/src | |
parent | 58fc168807458df7fd6991a0712836a997c734fe (diff) | |
deps: V8: cherry-pick e0a109c
Original commit message:
[api] Implement StartupData::CanBeRehashed() for the snapshot blob
This enables the embedder to check if the snapshot generated
from SnapshotCreator::CreateBlob() can be rehashed and the seed
can be recomputed during deserialization.
The lack of this functionality resulted in a temporary vulnerability
in Node.js: https://github.com/nodejs/node/pull/27365
Change-Id: I88d52337217c40f79c26438be3c87d2db874d980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61175}
Refs: https://github.com/v8/v8/commit/e0a109c05821fa36ec20e1f25895c23baa8d64c3
PR-URL: https://github.com/nodejs/node/pull/27533
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'deps/v8/src')
-rw-r--r-- | deps/v8/src/api.cc | 5 | ||||
-rw-r--r-- | deps/v8/src/snapshot/snapshot-common.cc | 4 | ||||
-rw-r--r-- | deps/v8/src/snapshot/snapshot.h | 3 |
3 files changed, 10 insertions, 2 deletions
diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc
index 4fe3daf9a6..98f75217cf 100644
--- a/deps/v8/src/api.cc
+++ b/deps/v8/src/api.cc
@@ -887,6 +887,11 @@ StartupData SnapshotCreator::CreateBlob(
 return result;
 }
+bool StartupData::CanBeRehashed() const {
+ DCHECK(i::Snapshot::VerifyChecksum(this));
+ return i::Snapshot::ExtractRehashability(this);
+}
+
 void V8::SetDcheckErrorHandler(DcheckErrorCallback that) {
 v8::base::SetDcheckFunction(that);
 }
diff --git a/deps/v8/src/snapshot/snapshot-common.cc b/deps/v8/src/snapshot/snapshot-common.cc
index 09532aafa0..271317836c 100644
--- a/deps/v8/src/snapshot/snapshot-common.cc
+++ b/deps/v8/src/snapshot/snapshot-common.cc
@@ -229,7 +229,9 @@ uint32_t Snapshot::ExtractContextOffset(const v8::StartupData* data,
 bool Snapshot::ExtractRehashability(const v8::StartupData* data) {
 CHECK_LT(kRehashabilityOffset, static_cast<uint32_t>(data->raw_size));
- return GetHeaderValue(data, kRehashabilityOffset) != 0;
+ uint32_t rehashability = GetHeaderValue(data, kRehashabilityOffset);
+ CHECK_IMPLIES(rehashability != 0, rehashability == 1);
+ return rehashability != 0;
 }
 namespace {
diff --git a/deps/v8/src/snapshot/snapshot.h b/deps/v8/src/snapshot/snapshot.h
index 9ac556bc61..3f50f1060e 100644
--- a/deps/v8/src/snapshot/snapshot.h
+++ b/deps/v8/src/snapshot/snapshot.h
@@ -87,11 +87,12 @@ class Snapshot : public AllStatic {
 static bool SnapshotIsValid(const v8::StartupData* snapshot_blob);
 #endif // DEBUG
+ static bool ExtractRehashability(const v8::StartupData* data);
+
 private:
 static uint32_t ExtractNumContexts(const v8::StartupData* data);
 static uint32_t ExtractContextOffset(const v8::StartupData* data,
 uint32_t index);
- static bool ExtractRehashability(const v8::StartupData* data);
 static Vector<const byte> ExtractStartupData(const v8::StartupData* data);
 static Vector<const byte> ExtractReadOnlyData(const v8::StartupData* data);
 static Vector<const byte> ExtractContextData(const v8::StartupData* data, |
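Review bot: The checksum verification in `StartupData::CanBeRehashed()` is a `DCHECK`, so release builds return a flag read from a header that was never checked against the blob's checksum. The commit message says embedders use this answer to decide whether the hash seed can be recomputed during deserialization, so a corrupted or mismatched blob could report "rehashable" in exactly the builds that ship. If the cost is acceptable, `CHECK(i::Snapshot::VerifyChecksum(this));` makes release behaviour match debug; otherwise state the contract above the function, for example `// Checksum is verified in debug builds only; pass a blob you created or have already validated.` The `DCHECK` also runs before the size check inside `ExtractRehashability`, so a truncated blob presumably reaches the checksum code first in debug builds.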
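Review bot: The `CHECK_LT` that guards the header read in `Snapshot::ExtractRehashability` only proves that the first byte at `kRehashabilityOffset` lies inside the blob, while the value is read into a `uint32_t`. If `GetHeaderValue` reads four bytes (its body is not in this hunk), a blob that ends one to three bytes past the offset is read out of bounds, and this function is now reachable from the public `StartupData::CanBeRehashed()`. A negative `raw_size` also turns into a large value under `static_cast<uint32_t>` and passes the check. Something like `CHECK_GE(data->raw_size, 0);` followed by `CHECK_LE(kRehashabilityOffset + static_cast<uint32_t>(sizeof(uint32_t)), static_cast<uint32_t>(data->raw_size));` would cover the whole read.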
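Review bot: `ExtractRehashability` moves into the public section of `Snapshot` without a comment, and its contract is not visible from the signature. Per the snapshot-common.cc change in this commit, it aborts via `CHECK` when the blob is too short or the stored flag is neither 0 nor 1. A line above the declaration such as `// Returns the rehashability flag from the blob header; CHECK-fails on a truncated header or a flag other than 0 or 1.` would tell callers outside the class what to expect. The class body starts and ends outside this hunk.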