diff options
| author | Joyee Cheung <joyeec9h3@gmail.com> | 2019-05-02 22:51:34 +0800 |
|---|---|---|
| committer | Ruben Bridgewater <ruben@bridgewater.de> | 2019-06-17 21:12:22 +0200 |
| commit | 9382b3be9c4d82dbae67502a8589125f5616e458 (patch) | |
| tree | 0e45906ec19d8fb44fff610a883186c2974d6b30 /deps | |
| parent | 60144295802efbf257d4c68f722c328fad87a6cb (diff) | |
| download | android-node-v8-9382b3be9c4d82dbae67502a8589125f5616e458.tar.gz android-node-v8-9382b3be9c4d82dbae67502a8589125f5616e458.tar.bz2 android-node-v8-9382b3be9c4d82dbae67502a8589125f5616e458.zip | |
deps: V8: cherry-pick e0a109c
Original commit message:
[api] Implement StartupData::CanBeRehashed() for the snapshot blob
This enables the embedder to check if the snapshot generated
from SnapshotCreator::CreateBlob() can be rehashed and the seed
can be recomputed during deserialization.
The lack of this functionality resulted in a temporary vunerability
in Node.js: https://github.com/nodejs/node/pull/27365
Change-Id: I88d52337217c40f79c26438be3c87d2db874d980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61175}
Refs: https://github.com/v8/v8/commit/e0a109c05821fa36ec20e1f25895c23baa8d64c3
PR-URL: https://github.com/nodejs/node/pull/27533
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'deps')
| -rw-r--r-- | deps/v8/include/v8.h | 7 | ||||
| -rw-r--r-- | deps/v8/src/api.cc | 5 | ||||
| -rw-r--r-- | deps/v8/src/snapshot/snapshot-common.cc | 4 | ||||
| -rw-r--r-- | deps/v8/src/snapshot/snapshot.h | 3 | ||||
| -rw-r--r-- | deps/v8/test/cctest/test-serialize.cc | 2 |
5 files changed, 19 insertions, 2 deletions
diff --git a/deps/v8/include/v8.h b/deps/v8/include/v8.h index b5b18a2985..3682c888cc 100644 --- a/deps/v8/include/v8.h +++ b/deps/v8/include/v8.h @@ -8605,6 +8605,13 @@ class V8_EXPORT Isolate { class V8_EXPORT StartupData { public: + /** + * Whether the data created can be rehashed and and the hash seed can be + * recomputed when deserialized. + * Only valid for StartupData returned by SnapshotCreator::CreateBlob(). + */ + bool CanBeRehashed() const; + const char* data; int raw_size; }; diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc index d912b8c6bb..f4f3fa309e 100644 --- a/deps/v8/src/api.cc +++ b/deps/v8/src/api.cc @@ -887,6 +887,11 @@ StartupData SnapshotCreator::CreateBlob( return result; } +bool StartupData::CanBeRehashed() const { + DCHECK(i::Snapshot::VerifyChecksum(this)); + return i::Snapshot::ExtractRehashability(this); +} + void V8::SetDcheckErrorHandler(DcheckErrorCallback that) { v8::base::SetDcheckFunction(that); } diff --git a/deps/v8/src/snapshot/snapshot-common.cc b/deps/v8/src/snapshot/snapshot-common.cc index 09532aafa0..271317836c 100644 --- a/deps/v8/src/snapshot/snapshot-common.cc +++ b/deps/v8/src/snapshot/snapshot-common.cc @@ -229,7 +229,9 @@ uint32_t Snapshot::ExtractContextOffset(const v8::StartupData* data, bool Snapshot::ExtractRehashability(const v8::StartupData* data) { CHECK_LT(kRehashabilityOffset, static_cast<uint32_t>(data->raw_size)); - return GetHeaderValue(data, kRehashabilityOffset) != 0; + uint32_t rehashability = GetHeaderValue(data, kRehashabilityOffset); + CHECK_IMPLIES(rehashability != 0, rehashability == 1); + return rehashability != 0; } namespace { diff --git a/deps/v8/src/snapshot/snapshot.h b/deps/v8/src/snapshot/snapshot.h index 9ac556bc61..3f50f1060e 100644 --- a/deps/v8/src/snapshot/snapshot.h +++ b/deps/v8/src/snapshot/snapshot.h @@ -87,11 +87,12 @@ class Snapshot : public AllStatic { static bool SnapshotIsValid(const v8::StartupData* snapshot_blob); #endif // DEBUG + static bool ExtractRehashability(const v8::StartupData* data); + private: static uint32_t ExtractNumContexts(const v8::StartupData* data); static uint32_t ExtractContextOffset(const v8::StartupData* data, uint32_t index); - static bool ExtractRehashability(const v8::StartupData* data); static Vector<const byte> ExtractStartupData(const v8::StartupData* data); static Vector<const byte> ExtractReadOnlyData(const v8::StartupData* data); static Vector<const byte> ExtractContextData(const v8::StartupData* data, diff --git a/deps/v8/test/cctest/test-serialize.cc b/deps/v8/test/cctest/test-serialize.cc index 972b1ca772..878ff9168e 100644 --- a/deps/v8/test/cctest/test-serialize.cc +++ b/deps/v8/test/cctest/test-serialize.cc @@ -3709,6 +3709,7 @@ UNINITIALIZED_TEST(ReinitializeHashSeedNotRehashable) { } blob = creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear); + CHECK(!blob.CanBeRehashed()); } i::FLAG_hash_seed = 1337; @@ -3774,6 +3775,7 @@ UNINITIALIZED_TEST(ReinitializeHashSeedRehashable) { } blob = creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear); + CHECK(blob.CanBeRehashed()); } i::FLAG_hash_seed = 1337; |