Skip to content
Snippets Groups Projects
  1. Nov 18, 2022
  2. Nov 19, 2022
  3. Nov 04, 2022
  4. Nov 03, 2022
  5. Nov 02, 2022
  6. Oct 26, 2022
  7. Oct 17, 2022
    • Jon Coppeard's avatar
      Bug 1791975 - Don't sweep realms that were allocated during incremental GC r=jandem, a=dmeehan · bdedfc85
      Jon Coppeard authored
      When marking a BaseShape we mark its global, and we read the pointer to that
      global from the realm. If a realm doesn't have a live global we can sweep the
      realm but there may still be pointers to it in base shapes and these are left
      dangling.
      
      This happens when we hit OOM while creating a global during an incremental GC.
      The BaseShape survives because it was allocated after the start of the GC. The
      global itself is never successfully created and so the realm doesn't have a
      live global and is swept. In this case, we trigger UAF when we try to compact
      the heap and trace the base shape.
      
      The patch adds an extra case for keeping a realm alive if it was created during
      an incremental GC. This matches the way that GC things are not collected if
      they are allocated after the start of a GC.
      
      Differential Revision: https://phabricator.services.mozilla.com/D158022
      bdedfc85
  8. Oct 06, 2022
  9. Sep 21, 2022
  10. Sep 19, 2022
  11. Sep 06, 2022
  12. Jul 28, 2022
  13. Aug 19, 2022
  14. Aug 03, 2022
  15. Jul 28, 2022
  16. Jul 25, 2022
  17. Jul 23, 2022
  18. Jun 16, 2022
  19. Jun 24, 2022
  20. Jun 07, 2022
  21. Jun 08, 2022
  22. Jun 01, 2022
  23. May 27, 2022
  24. May 26, 2022
  25. May 25, 2022
  26. May 24, 2022
Loading